Email Scams: Criminals Try To Steal $3bn

Criminals have tried to snatch more than $3bn from companies globally by pretending to be executives and using fake email accounts, an increase of 50 per cent over 10 months, according to the Federal Bureau of Investigation.

More than 22,000 businesses have been hit by the scam, known as “business email compromise”, with $3bn in actual and attempted losses between October 2013 and May this year. That is up from $1.2bn reported from October 2013 until the end of August 2015, the FBI said.

Of that total, 14,000 victims were in the US and were targeted for $960m, according to FBI data. About a quarter of those victims wired money overseas.

The scam involves a criminal mimicking an email of a chief executive, lawyer or adviser and ordering an employee to wire money to an account overseas. By the time the employee realizes he has been tricked, the cash is usually withdrawn.

The rapid increase is due to better reporting of alleged scams by victim companies and better classification of the crime globally, said Mitchell Thompson, a supervisory special agent and head of the financial cyber-crimes task force in the FBI’s New York office. Within the past few months more than 600 complaints have landed on his desk.

This year in the US, criminals have been targeting property companies to steal closing fees on housing sales. Some companies have been asked by imposters to email employee wage and tax statements.

The FBI said that companies were most successful in foiling criminals if they reported an attempted fraud within the first 72 hours, the window during which authorities can most often freeze accounts and retrieve cash.

Recently, FBI officials also warned businesses about the rise in ransomware, which is estimated to have resulted in losses of more than $50m since 2005. Nearly half of that was reported last year. This year, criminals have been targeting healthcare companies and universities.

Richard Jacobs, the assistant special agent in charge of the cyber branch in the FBI’s New York bureau, said that he was anticipating an increase in ransom attacks on mobile devices, which are vulnerable because people routinely log on to their bank accounts, store passwords and access other sensitive information on them.

In a ransomware attack, criminals gain control of a computer or network through a phishing email scheme, or steal credentials after a user visits an infected website. Once inside, they encrypt the data and demand a ransom, usually in bitcoin, to unfreeze it.

“There is a business model in some respects for criminals because they perceive it to be lucrative,” Mr. Jacobs said. “This threat is something that is continually evolving.”

The FBI officials said that they did not condone paying a ransom, but recognised that for some companies it was a business decision to get their operations back up and running.

FT

 
