In brief: the FBI is warning the public to beware of business email compromise attacks, saying that they have cost U.S. businesses more than $1.6 billion in losses since 2013.
The U.S. Federal Bureau of Investigation (FBI) is warning business owners and the public about the growing threat posed by so-called “business email compromises,” a form of online scam in which employees are fooled into transferring money to cyber criminals, often believing that they are acting on orders from senior executives.
The FBI said that it only began tracking business email compromise (BEC) attacks as a unique crime type in 2017, but that it has recorded a massive increase in incidents of business and other types of email account compromise attacks, which may be responsible for $1.6 billion in losses in the U.S. since 2013 and $5.3 billion globally.
The FBI and international law enforcement recorded more than 40,000 incidents of Business Email Compromise or other email account compromise attacks in 2016, a 2,370% increase since the start of 2015. And reports are accelerating. In just the last half of 2016, the FBI received reports of 3,044 U.S. victims reporting losses of $346 million, the Bureau reported.
Asian banks located in China and Hong Kong are the primary destinations of fraudulent funds wired in the BEC scams. But the FBI said that financial institutions in the United Kingdom have also been identified as destinations.
Business email compromises happen when cyber criminals target senior-level executives, gaining access to or control over their email accounts or impersonating them with email from look-alike domains. Using their knowledge of an organization, the cyber criminals instruct lower-level employees to wire money or divulge other sensitive data, such as employees' W-2 forms, to the cyber criminals.
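The warning signs described above (a look-alike sender domain, an executive's name on outside mail, a request for a wire or W-2 data) can be checked on inbound messages. The sketch below is an added example, not code from the FBI or IC3; the domain `example.com`, the executive name, the keyword list, the character swaps and the edit-distance threshold of 2 are all assumptions, and the two messages are constructed samples.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumptions for illustration: the protected domain, executive names, keywords.
TRUSTED_DOMAIN = "example.com"
EXECUTIVES = {"jane doe"}
REQUEST_TERMS = re.compile(r"\b(wire|transfer|w-2)\b", re.I)
CONFUSABLES = (("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l"))  # visual swaps
# Constructed sample messages (not real mail).
SPOOFED = ("From: Jane Doe <jane.doe@exarnple.com>\n"
           "Subject: Urgent wire\n\nPlease wire $40,000 to the new supplier today.\n")
GENUINE = "From: Jane Doe <jane.doe@example.com>\nSubject: Lunch\n\nNoon works.\n"

def edit_distance(a, b):
    """Levenshtein distance, computed row by row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def fold(domain):
    # Map visually confusable character sequences to one canonical form.
    for seen, meant in CONFUSABLES:
        domain = domain.replace(seen, meant)
    return domain

def is_lookalike(domain, trusted=TRUSTED_DOMAIN):
    """True when domain differs from the trusted one but is visually close."""
    domain = domain.lower()
    if domain == trusted:
        return False
    return fold(domain) == fold(trusted) or edit_distance(domain, trusted) <= 2

def triage(raw_message):
    """Return the BEC warning signs found in one RFC 5322 message."""
    msg = message_from_string(raw_message)
    name, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    signs = []
    if is_lookalike(domain):
        signs.append("lookalike-domain")
    if name.lower() in EXECUTIVES and domain != TRUSTED_DOMAIN:
        signs.append("executive-name-external-sender")
    if signs and REQUEST_TERMS.search(f"{msg.get('Subject', '')} {msg.get_payload()}"):
        signs.append("payment-or-w2-request")
    return signs
```

The keyword check only fires when a sender-side sign is already present, so ordinary internal mail that mentions a wire transfer is not flagged. It does not cover the other case the paragraph names, a genuinely compromised executive account, because that mail carries the real domain.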
In recent months, email compromises have made headlines. A Lithuanian hacker used email messages to impersonate suppliers, bilking companies like Facebook and Apple out of $100 million over a period of two years. The Austrian airplane parts maker FACC AG recently fired its CEO after a business email compromise drained an estimated $54 million from the company’s coffers.
The FBI’s Internet Crime Complaint Center (IC3) compiled the statistics, which were reported by victims directly to the Center.
Among the new trends identified: W-2 theft, as well as real estate transactions, with cyber criminals targeting buyers, sellers, agents and lawyers. IC3 said it saw a 480% rise in the number of complaints from real estate title companies targeted by BEC scams.
Awareness of the threat is the best protection, the FBI said. However, the Bureau also warned companies to avoid free web-based e-mail accounts for company business and to limit employees' posting to social media. Companies should also adopt two-factor authentication tools to make account takeovers more difficult.