The FBI released a new public service announcement on Tuesday warning businesses about CEO email fraud.
More than $3 billion has been lost globally to CEO email fraud, otherwise known as BEC (business email compromise) or whaling attempts, according to the FBI.
BEC email scams compromise legitimate email addresses through social engineering, with cybercriminals often posing as legitimate business professionals within the targeted organization, a business partner or a vendor.
These aren’t obvious hacks, as the schemers often go to great lengths to research targeted companies, including researching employees and using language that is specific to the target in question.
Since January 2015, there has been a 1300% increase in financial loss due to email scams, according to the announcement. Victims come from all 50 U.S. states and over 100 countries.
The FBI warns that wire transfer payments are the most common source of financial loss, but some victims report using checks as a method of payment as well.
“Reports indicate that fraudulent transfers have been sent to 79 countries with the majority going to Asian banks located within China and Hong Kong,” says the FBI in its public service announcement.
The FBI’s announcement this week was an update to an April public service announcement that reported $2.3 billion had been lost due to BEC scams. Within two short months, an additional $700 million has been lost to email-based phishing attacks.
To protect companies from financial loss, and the wider repercussions of data theft, the Internet Crime Complaint Center (IC3) has noted common characteristics of BEC scams that email users should be alert to.
Businesses using open-source email accounts were predominantly targeted, and employees who manage wire transfers were top targets. The phrases “code to admin expenses” and “urgent wire transfer” are commonly reported by victims. Fraudulent emails often coincide with business travel dates for the executives who have been spoofed.