One of our clients was recently a victim of a spoofed email involving a wire transfer fraud. Because of this, we thought that all of our clients and business contacts should be reminded of the internet dangers posed by cyber criminals.
The FBI has recently reported a dramatic increase in cyber related crimes involving spoofed emails. Email spoofing involves counterfeiting of an email header so that the email message appears to the recipient as originated from someone else. Phishing uses emails to collect confidential information often with malicious intent.
Attempts at cyber wire fraud globally, via emails reporting to be from trusted business associates, surged in 2017 and 2016, the U.S. Federal Bureau of Investigation said in a recent warning to businesses. Fraudsters sought to steal billions of dollars through schemes known as business email compromise, the FBI said in a report recently released by its Internet Crime Complaint Center.
The number of business email compromise cases, in which cyber criminals request wire transfers in emails that look like they are from senior corporate executives or business suppliers who regularly request payments, almost doubled from May to December of last year, rising to 40,203 from 22,143, the FBI said.
The losses are growing as scammers become more sophisticated, delving deeper into corporate finance departments to find susceptible targets. The United States is by far the biggest target market for these fraudsters.
The FBI has said that one in four U.S. victims respond by wiring money to fraudsters. In some of those cases, authorities have been able to help victims recover the funds from banks before the criminals pulled them out of the banking system.
Fraudsters have also used spoofed emails to trick corporate workers into releasing sensitive data, including wage and tax reports, according to the advisory.
The FBI categorizes cyber crimes as follows:
- Business Email Compromise (BEC): A scam targeting businesses that regularly perform wire transfer payments. The scam is carried out by compromising legitimate business email accounts to conduct unauthorized transfers of funds.
- Email Account Compromise (EAC): Similar to BEC, this scam targets the general public and professionals generally associated with financial and lending institutions, real estate companies, and law firms. Perpetrators of EAC use compromised emails to request payments to fraudulent locations.
- Data Breach: A leak of data from a secure location to an unknown environment. Data breaches can occur at the personal and corporate levels and involve sensitive, protected, or confidential information that is copied, transmitted, viewed, stolen, or used by an individual unauthorized to do so.
- Denial of Service: An interruption of an authorized user's access to any system or network, typically orchestrated with malicious intent.
- Malware/Scareware: Malicious software that is intended to damage or disable computers and computer systems. Sometimes scare tactics are used by the perpetrators to solicit funds from victims.
- Phishing/Spoofing: An example is an email falsely claiming to be from an established legitimate business in an attempt to deceive the unsuspecting recipient into divulging personal, sensitive information such as passwords, credit card numbers, and bank account information after directing the user to visit a specified website. The website, however, is not genuine and was set up only as an attempt to steal the user's information.
- Ransomware: A form of malware targeting both human and technical weaknesses in organizations and individual networks in an effort to deny the availability of critical data and systems. Ransomware is frequently delivered through spear phishing emails to end users, resulting in the rapid encryption of sensitive files on a corporate network. Once the victim organization determines they are no longer able to access their data, the cyber perp demands the payment of a ransom.
We must be diligent in our cybercrime deterrence efforts. Prevention and education are key to this effort. Don't become another victim of this potentially devastating fraud.
Smolin has access to resources to assist clients who are concerned about this risk. We can also assist those who suffered a loss from it. Please let us know if you have any questions regarding this topic or if you require assistance in this area.