Fake CEO Email Scam Nets Fraudsters £1.6 Billion

Businesses have been warned to be wary of emails pertaining to be from company executives following the discovery of a wire transfer scam that is reaping billions of dollars for fraudsters.

The FBI made the warning about the so called “business email compromise” (B.E.C) swindle in an alert on the website of the agency’s Phoenix bureau. It estimated that over the past three years these scams have cost businesses more than $2.3 billion (£1.6bn) in losses.

Scam

“FBI officials are warning potential victims of a dramatic rise in the business email compromise scam or “B.E.C.,” a scheme that targets businesses and has resulted in massive financial losses in Phoenix and other cities,” the FBI said.

“The schemers go to great lengths to spoof company email or use social engineering to assume the identity of the CEO, a company attorney, or trusted vendor,” it added.

The fraudsters apparently actively research staff who deal with the money side of the business, and use language specific to the company they are targeting. “Typically, the fraudsters request a wire fraud transfer using dollar amounts that lend legitimacy,” said the FBI.

Victims have included “large corporations to tech companies”, as well as “small businesses to non-profit organisations.” It said that often the fraudsters will target businesses that deal with foreign suppliers or regularly perform wire transfer payments.

And it is not just American firms being targeted.

The FBI says the scam is present in every US state, as well as “at least” 79 countries around the world. It said that from October 2013 through February 2016, law enforcement received reports from 17,642 victims, which is a staggering number of businesses.

“This amounted to more than $2.3 billion in losses,” said the FBI. “Since January 2015, the FBI has seen a 270 percent increase in identified victims and exposed loss.” It said that in Arizona the average loss per scam is between $25,000 and $75,000.

FBI Advice

It recommends that any businesses that thinks it has been a victim of this scam should immediately contact their relevant financial institution and ask for them to contact the financial institution where the fraudulent transfer was sent.

Victims should also file a complaint (regardless of the financial costs) with the IC3 (the US Internet Crime Complaint Centre).

Its advice for businesses is to be be wary of email-only wire transfer requests and requests involving urgency. Staff are urged to pick up the phone and verify legitimate business partners, and also be cautious of mimicked email addresses.

The FBI also recommended that businesses implement multi-level authentication to prevent a fraudster impersonating a company executive.

This is not the first time that the FBI has warned about these BEC scams.

In January 2015 for example, the FBI said that in the last 14 months alone, cyber thieves had stolen nearly $215m (£152m) from businesses using the BEC scam.

Are you a security pro? Try our quiz!

Tom Jowitt

Tom Jowitt is a leading British tech freelancer and long standing contributor to Silicon UK. He is also a bit of a Lord of the Rings nut...

Recent Posts

Amazon Drivers Risk Increasing Number Of Injuries

Study shows that nearly one in five Amazon delivery drivers suffered injuries in 2021- again…

40 mins ago

Nokia CEO Predicts 2030 Arrival For 6G, But Not On Smartphone

Nokia CEO Pekka Lundmark offers his predictions as to arrival of 6G connectivity in this…

5 hours ago

Mark Zuckerberg Sued By DC AG Over Cambridge Analytica Scandal

Four years later, and Washington DC Attorney General decides to sue Mark Zuckerberg personally over…

6 hours ago

Global Digital Tax Law Not Ready Until 2024, Says OECD

Corporation tax delay. Rollout of 15 percent tax agreement for big name corporations only likely…

10 hours ago

Silicon UK In Focus Podcast: The Future of SaaS

How has Saas become an essential component of a successful business? The importance of a…

10 hours ago