Email Scams: Criminals Try To Steal $3bn

Criminals have tried to snatch more than $3bn from companies globally by pretending to be executives and using fake email accounts, an increase of 50 per cent over 10 months, according to the Federal Bureau of Investigation.

More than 22,000 businesses have been hit by the scam, known as “business email compromise”, with $3bn in actual and attempted losses between October 2013 and May this year. That is up from $1.2bn reported from October 2013 until the end of August 2015, the FBI said.

Of the $3bn, $960m was sought from 14,000 victims in the US, according to FBI data. About a quarter of those victims wired money overseas.

The scam involves a criminal mimicking an email of a chief executive, lawyer or adviser and ordering an employee to wire money to an account overseas. By the time the employee realizes he has been tricked, the cash is usually withdrawn.

The rapid increase is due to better reporting of alleged scams by victim companies and better classification of the crime globally, said Mitchell Thompson, a supervisory special agent and head of the financial cyber-crimes task force in the FBI’s New York office. Within the past few months more than 600 complaints have landed on his desk.

This year in the US, criminals have been targeting property companies to steal closing fees on housing sales. Some companies have been asked by imposters to email employee wage and tax statements.

The FBI said that companies were most successful in foiling criminals if they reported an attempted fraud within the first 72 hours, the window during which authorities can most often freeze accounts and retrieve cash.

Recently, FBI officials also warned businesses about the rise in ransomware, which is estimated to have resulted in losses of more than $50m since 2005. Nearly half of that was reported last year. This year, criminals have been targeting healthcare companies and universities.

Richard Jacobs, the assistant special agent in charge of the cyber branch in the FBI’s New York bureau, said that he was anticipating an increase in ransom attacks on mobile devices, which are vulnerable because people routinely log on to their bank accounts, store passwords and access other sensitive information on them.

In a ransomware attack, criminals gain control of a computer or network through a phishing email scheme or by stealing credentials after a user visits an infected website. Once inside, they encrypt the data and demand a ransom, usually in bitcoin, to unfreeze it.

“There is a business model in some respects for criminals because they perceive it to be lucrative,” Mr. Jacobs said. “This threat is something that is continually evolving.”

The FBI officials said that they did not condone paying a ransom, but recognised that for some companies it was a business decision to get their operations back up and running.

FT

 
