A recent post on Krebs on Security discusses an alert from the FBI, noting that cyber thieves have stolen nearly $215 million from businesses over the last 14 months alone through fraud that starts when email accounts are hijacked via email scams. This con, called “business email compromise” (BEC), is a sophisticated and increasingly common scam that targets businesses working with foreign suppliers and those that engage in regular wire transfers. The post cites data from the Internet Crime Complaint Center, which details the following statistics regarding the BEC scam:

Total U.S. victims: 1,198
Total U.S. dollar loss: $179,755,367.08
Total non-U.S. victims: 2,126
Total non-U.S. dollar loss: $35,217,136.22

One variation of the BEC scam is called “CEO fraud,” which targets the email account of a high-level executive (such as a CEO or CFO). Posing as that executive, the hacker sends a request for a wire transfer to another employee within the organization who is normally responsible for handling such requests. “…the requests for wire transfers are well-worded, specific to the business being victimized, and do not raise suspicions to the legitimacy of the request,” the Internet Crime Complaint Center warned. “In some instances a request for a wire transfer from the compromised account is sent directly to the financial institution with instructions to urgently send funds to bank ‘X’ for reason ‘Y.’” Based on how convincing these emails are, it is clear that those involved do extensive research before initiating the scam in order to appear as credible as possible.

More information from the Krebs on Security post can be found here:
FBI: Businesses Lost $215M to Email Scams

A detailed PSA from the Internet Crime Complaint Center can be found here: http://www.ic3.gov/media/2015/150122.aspx