It’s time once again to update my Value of a Hacked Email Account graphic: According to a recent alert from the FBI, cyber thieves stole nearly $215 million from businesses in the last 14 months using a scam that starts when business executives or employees have their email accounts hijacked.
Federal investigators say the so-called “business email compromise” (BEC) swindle is a sophisticated and increasingly common scam targeting businesses working with foreign suppliers and/or businesses that regularly perform wire transfer payments.
According to new data from the Internet Crime Complaint Center (IC3) — a partnership between the National White Collar Crime Center and the FBI — the victims of BEC scams range from small to large businesses that may purchase or supply a variety of goods, such as textiles, furniture, food, and pharmaceuticals.
One variation on the BEC scam, also known as “CEO fraud,” starts with the email account compromise for high-level business executives (CFO, CTO, etc). Posing as the executive, the fraudster sends a request for a wire transfer from the compromised account to a second employee within the company who is normally responsible for processing these requests.
“The requests for wire transfers are well-worded, specific to the business being victimized, and do not raise suspicions to the legitimacy of the request,” the agency warned. “In some instances a request for a wire transfer from the compromised account is sent directly to the financial institution with instructions to urgently send funds to bank ‘X’ for reason ‘Y.'”
The IC3 notes that the fraudsters perpetrating these scams do their homework before targeting a business and its employees, monitoring and studying their selected victims prior to initiating the fraud. Continue reading →