Email Scams: Criminals Try To Steal $3bn

Criminals have tried to snatch more than $3bn from companies globally by pretending to be executives and using fake email accounts, an increase of 50 per cent over 10 months, according to the Federal Bureau of Investigation.

More than 22,000 businesses have been hit by the scam, known as “business email compromise”, with $3bn in actual and attempted losses between October 2013 and May this year. That is up from $1.2bn reported from October 2013 until the end of August 2015, the FBI said.

Of the $3bn, 14,000 victims were in the US and were targeted for $960m, according to FBI data. About a quarter of those victims wired money overseas.

The scam involves a criminal mimicking an email of a chief executive, lawyer or adviser and ordering an employee to wire money to an account overseas. By the time the employee realizes he has been tricked, the cash is usually withdrawn.

The rapid increase is due to better reporting of alleged scams by victim companies and better classification of the crime globally, said Mitchell Thompson, a supervisory special agent and head of the financial cyber-crimes task force in the FBI’s New York office. Within the past few months more than 600 complaints have landed on his desk.

This year in the US, criminals have been targeting property companies to steal closing fees on housing sales. Some companies have been asked by imposters to email employee wage and tax statements.

The FBI said that companies were most successful in foiling criminals if they reported an attempted fraud within the first 72 hours, the window during which authorities can most often freeze accounts and retrieve cash.

Recently, FBI officials also warned businesses about the rise in ransomware, which is estimated to have resulted in losses of more than $50m since 2005. Nearly half of that was reported last year. This year, criminals have been targeting healthcare companies and universities.

Richard Jacobs, the assistant special agent in charge of the cyber branch in the FBI’s New York bureau, said that he was anticipating an increase in ransom attacks on mobile devices, which are vulnerable because people routinely log on to their bank accounts, store passwords and access other sensitive information on them.

In a ransomware attack, criminals gain control of a computer or network by a phishing email scheme or steal credentials after a user visits an infected website. Once inside, they encrypt the data and demand a ransom, usually in bitcoin, to unfreeze it.

“There is a business model in some respects for criminals because they perceive it to be lucrative,” Mr. Jacobs said. “This threat is something that is continually evolving.”

The FBI officials said that they did not condone paying a ransom, but recognised that for some companies it was a business decision to get their operations back up and running.

FT

 

« Is An ISIS Nuclear Attack In Europe Really A Threat?
An Inside Job: Looking For Cyber Criminals »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

Cyber Security Supplier Directory

Cyber Security Supplier Directory

Our Supplier Directory lists 6,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

Mobile Guroo

Mobile Guroo

Mobile Guroo is a strategy and systems integrator for Enterprise Mobility Management projects.

Military Cyber Professionals Association (MCPA)

Military Cyber Professionals Association (MCPA)

MCPA are a team of Soldiers, Sailors, Airmen, Marines, Veterans and others interested in the development of the American military cyber profession.

Electric Imp

Electric Imp

Electric Imp offers an innovative and powerful Internet of Things platform that securely connects devices with advanced cloud computing resources.

Torsion Information Security

Torsion Information Security

Torsion is an innovative information security and compliance engine, which runs either in the cloud or your data centre.

NeuShield

NeuShield

NeuShield is the only anti-ransomware technology that can recover your damaged data from malicious software attacks without a backup.

BotGuard

BotGuard

BotGuard provides a service to protect your website from malicious bots, crawlers, scrapers, and hacker attacks.

White Hawk Software

White Hawk Software

White Hawk provides code tamper-proofing solutions to protect mission critical software applications from malicious and Zero day attacks and reverse engineering at run time.

Bleam Cyber Security

Bleam Cyber Security

Bleam is a leading provider of Managed Cyber Security Services and Information Security consulting. We deliver enterprise class security services to UK SME’s to stop data breaches.

Trianz

Trianz

Trianz Cybersecurity Services are Powered by One of the World’s Largest Databases on Digital Transformation. We Understand Evolving Risks, Technologies and Best Practices.

Orbus Software

Orbus Software

Orbus develops, markets and sells enterprise software which helps large, blue chip and government organisations across the globe to achieve digital transformation outcomes.

Assure IT

Assure IT

Assure IT is a Singapore company specialising in technology governance, risk and compliance.

Eunetic

Eunetic

Eunetic IT security solutions - we secure your websites, emails, domains and data.

GeoComply

GeoComply

GeoComply provides fraud prevention and cybersecurity solutions that detect location fraud and help verify a user's true digital identity.

Cura Technology

Cura Technology

Cura Technology offers a wide array of security solutions meticulously designed to address specific facets of your security requirements.

Awareness Software Limited (ASL)

Awareness Software Limited (ASL)

As Hosting Specialists, Awareness Software offer practical and affordable hosting solutions including backup and disaster recovery and a range of cybersecurity services.

Assura

Assura

Assura provides innovative cybersecurity advisory and managed services to all industries including government, healthcare, financial, manufacturing, and transportation sectors.