270% jump in CEO email fraud costs businesses £1.63 billion

CEO Email Scams By Michael Shuff, 7Safe Lead Reporter | 19 April 2016

Cyber experts expect losses to grow as high profits attract more criminals.

FBI officials in Phoenix are warning potential victims of a dramatic rise in the business e-mail compromise scam (‘B.E.C.’) which is believed to have cost organisations billions of dollars. [Source: FBI Warns of Dramatic Increase in Business E-Mail Scams]. The FBI says that fraudsters go to great lengths to spoof company email accounts and use other methods to trick employees into believing that they are receiving money-transfer requests from CEOs, corporate attorneys or trusted vendors.

"They research employees who manage money and use language specific to the company they are targeting, then they request a wire fraud transfer using dollar amounts that lend legitimacy," the alert said.

The email fraudsters often target businesses that work with foreign suppliers or regularly perform wire transfers. They impersonate company executives in emails that order staff to transfer funds to accounts controlled by criminals. Losses from these scams totalled more than $2.3 billion from October 2013 through February of this year. The cases involved some 17,642 businesses of all sizes scattered across at least 79 countries and represent a huge 270% increase since February 2016.

This type of scam, also known as “whaling,” involves attackers posing as a top company exec in order to trick employees into wiring funds to a scammer’s bank account—or releasing sensitive information, like tax forms.

Law enforcement and cyber security experts have been warning that business email compromise was on the rise; however, the full extent of losses has not previously been disclosed to the public. The published statistics show law enforcement globally has received complaints from victims in at least 79 countries.

If your organisation has been the victim of an email scam of this kind, the FBI’s advice is simple:

  • Contact your financial institution immediately
  • Request that they contact the financial institution where the fraudulent transfer was sent
  • File a complaint—regardless of dollar loss—with the IC3 [The ‘Internet Crime Complaint Center’].

7Safe’s cyber security lead, Stephen Bailey, suggests the following actions to help keep your business safe from BEC fraud: “Be wary of e-mail-only wire transfer requests. When a request involves urgency, keep in mind that scammers try to pressure you into making a payment using psychology. Obedience to the scammer’s commands to transfer money might seem like the right thing to do, until you consider the facts. What evidence have you that this person is really who they claim to be? Your first move should be to pick up the phone and verify that this email is from a legitimate business partner. Be cautious of (mimicked) spoofed e-mail addresses, and don’t be taken in by information in the contents of the email that suggests it is from a legitimate partner organisation. Even though the request appears urgent and from the right person, still take time to check by phone or by sending a separate email to the individual using the known email address in your contact list. Also, practice multi-level authentication when making transfers. Make fraud of this kind hard work!”
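
Several of the checks in the advice above (compare the sender with the known address in your contact list, distrust mimicked addresses, be wary of urgent payment requests) can be partly automated as a mail-triage aid. The following is an added example, not code from 7Safe or the FBI; the contact list, keyword lists, similarity threshold and sample messages are all constructed assumptions, and a flag means "verify by phone", not a verdict.

```python
from difflib import SequenceMatcher
from email import message_from_string
from email.utils import parseaddr

# Constructed contact list: display name -> known-good address (assumption).
CONTACTS = {"jane doe": "jane.doe@example-corp.test"}
URGENCY = ("urgent", "immediately", "today", "confidential")
PAYMENT = ("wire", "transfer", "payment", "bank account")

def lookalike(domain, known, threshold=0.85):
    """True when domain is close to, but not identical to, a known domain."""
    return domain != known and SequenceMatcher(None, domain, known).ratio() >= threshold

def bec_flags(raw):
    """Return the reasons a message needs out-of-band verification."""
    msg = message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    _, reply_to = parseaddr(msg.get("Reply-To", ""))
    addr, reply_to = addr.lower(), reply_to.lower()
    flags = []
    known = CONTACTS.get(name.strip().lower())
    if known and addr != known:
        flags.append("display name matches a contact but address differs")
        if lookalike(addr.rpartition("@")[2], known.rpartition("@")[2]):
            flags.append("sender domain mimics the contact's domain")
    if reply_to and reply_to != addr:
        flags.append("Reply-To differs from From")
    body = msg.get_payload()
    text = (msg.get("Subject", "") + " " + (body if isinstance(body, str) else "")).lower()
    if any(w in text for w in PAYMENT) and any(w in text for w in URGENCY):
        flags.append("urgent payment request")
    return flags

# Constructed sample messages (not real traffic).
SPOOFED = """From: Jane Doe <jane.doe@examp1e-corp.test>
Reply-To: jd.office@mail.test
Subject: Urgent wire transfer

Please process this payment today and keep it confidential.
"""
GENUINE = """From: Jane Doe <jane.doe@example-corp.test>
Subject: Board agenda

Agenda attached for Thursday.
"""

if __name__ == "__main__":
    for label, raw in (("spoofed", SPOOFED), ("genuine", GENUINE)):
        print(label, bec_flags(raw))
```

A message that raises no flags can still be fraudulent, for example when the executive's real mailbox has been compromised, so the phone check remains the control.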
