Skip to main content

FBI reveals true cost of email scams for businesses

In the past 14 months, cyber thieves stole some £141.5 million ($215m) from businesses, the FBI claims.

As online security blog Krebs on Security writes, the scams start when business executives or employees have their email accounts hijacked.

The scams include companies working in the US, as well as those in other countries.

Federal investigators say the so-called “business email compromise” (BEC) swindle is a sophisticated and increasingly common scam, targeting businesses working with foreign suppliers and/or businesses that regularly perform wire transfer payments.

Victims may be small or large businesses, usually purchasing different goods like pharmaceuticals, textiles, food or furniture.

“The requests for wire transfers are well-worded, specific to the business being victimized, and do not raise suspicions to the legitimacy of the request,” the agency warned.

“In some instances a request for a wire transfer from the compromised account is sent directly to the financial institution with instructions to urgently send funds to bank ‘X’ for reason ‘Y.'”

Internet Crime Compliant Center (IC3) says the scams are carefully planned, and that the thieves spend some time studying the company, their employees and business conducted.

“Fraudulent e-mails received have coincided with business travel dates for executives whose e-mails were spoofed,” the IC3 alert warns.

“The subjects are able to accurately identify the individuals and protocol necessary to perform wire transfers within a specific business environment.

"Victims may also first receive ‘phishing’ e-mails requesting additional details of the business or individual being targeted (name, travel dates, etc).”

It’s advised that companies use two-step verifications wherever they can.