Businesses have lost billions of dollars to fast-growing scams where fraudsters impersonate company executives in e-mails that order staff to transfer to accounts controlled by criminals, according to the U.S. Federal Bureau of Investigation. This has even affected some SIM2K clients, so businesses need to be on the look-out for such "spearphishing" attempts. Especially if your business is not one to frequently utilize wire transfers – or if the request seems to be unusually large or otherwise suspicious.
Losses from these scams, which are known as "business e-mail compromise," totaled more than $2.3 billion from October 2013 through February of this year, the FBI said in an alert issued this week, citing reports to law enforcement agencies around the globe. The cases involved some 17,642 businesses of all sizes scattered across at least 79 countries, according to the FBI.
Law enforcement and cyber security experts have been warning that business e-mail compromise was on the rise, but the extent of losses has not previously been disclosed. Cyber security experts say they expect losses to grow as the high profits will attract more criminals. The FBI's alert said that fraudsters go to great lengths to spoof company email accounts and use other methods to trick employees into believing that they are receiving money-transfer requests from CEOs, corporate attorneys or trusted vendors. "They research employees who manage money and use language specific to the company they are targeting, then they request a wire fraud transfer using dollar amounts that lend legitimacy," the alert said. It said they often target businesses that work with foreign suppliers or regularly perform wire transfers.
The size of the losses vary widely from case to case. Austrian aircraft parts FACC said in January that it lost about 50 million euros ($55 million) through such a scam. In Arizona, the average loss ranges from $25,000 to $75,000, according to the FBI.The FBI said in its alert, which was dated Monday, that it has seen a 270% increase in identified victims and exposed loss since January 2015.
As reported by Reuters