Email Scams: Criminals Try To Steal $3bn

Uploaded on 2016-06-23 in NEWS-Cybersecurity News, GOVERNMENT-Law Enforcement, FREE TO VIEW

Criminals have tried to snatch more than $3bn from companies globally by pretending to be executives and using fake email accounts, an increase of 50 per cent over 10 months, according to the Federal Bureau of Investigation.

More than 22,000 businesses have been hit by the scam, known as “business email compromise”, with $3bn in actual and attempted losses between October 2013 and May this year. That is up from $1.2bn reported from October 2013 until the end of August 2015, the FBI said.

Of the $3bn, 14,000 victims were in the US and were targeted for $960m, according to FBI data. About a quarter of those victims wired money overseas.

The scam involves a criminal mimicking an email of a chief executive, lawyer or adviser and ordering an employee to wire money to an account overseas. By the time the employee realizes he has been tricked, the cash is usually withdrawn.

The rapid increase is due to better reporting of alleged scams by victim companies and better classification of the crime globally, said Mitchell Thompson, a supervisory special agent and head of the financial cyber-crimes task force in the FBI’s New York office. Within the past few months more than 600 complaints have landed on his desk.

This year in the US, criminals have been targeting property companies to steal closing fees on housing sales. Some companies have been asked by imposters to email employee wage and tax statements.

The FBI said that companies were most successful in foiling criminals if they reported an attempted fraud within the first 72 hours, the window during which authorities can most often freeze accounts and retrieve cash.

Recently, FBI officials also warned businesses about the rise in ransomware, which is estimated to have resulted in losses of more than $50m since 2005. Nearly half of that was reported last year. This year, criminals have been targeting healthcare companies and universities.

Richard Jacobs, the assistant special agent in charge of the cyber branch in the FBI’s New York bureau, said that he was anticipating an increase in ransom attacks on mobile devices, which are vulnerable because people routinely log on to their bank accounts, store passwords and access other sensitive information on them.

In a ransomware attack, criminals gain control of a computer or network by a phishing email scheme or steal credentials after a user visits an infected website. Once inside, they encrypt the data and demand a ransom, usually in bitcoin, to unfreeze it.

“There is a business model in some respects for criminals because they perceive it to be lucrative,” Mr. Jacobs said. “This threat is something that is continually evolving.”

The FBI officials said that they did not condone paying a ransom, but recognised that for some companies it was a business decision to get their operations back up and running.

FT

 

« Is An ISIS Nuclear Attack In Europe Really A Threat?
An Inside Job: Looking For Cyber Criminals »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

Cleo

Cleo

Cleo is a leader in secure information integration, enabling both ease and excellence in business data movement and orchestration.

Bechtel

Bechtel

Bechtel’s Industrial Control Systems Cyber Security Laboratory focuses on protecting large-scale industrial and infrastructure systems that support critical infrastructure.

Ataya & Partners

Ataya & Partners

Ataya & Partners is a consulting company that delivers data protection, cybersecurity and IT & Digital governance services.

VXRL

VXRL

VXRL is a Hong Kong-based cybersecurity company. We provide consulting services, penetration testing, and corporate training.

ZenGRC

ZenGRC

ZenGRC (formerly Reciprocity) is a leader in the GRC SaaS landscape, offering robust and intuitive products designed to make compliance straightforward and efficient.

Sky Data Vault

Sky Data Vault

Sky Data Vault provide the simplest and most cost effective method of Disaster Recovery / Business Continuity for mission critical systems and applications.

Trusted CI

Trusted CI

Trusted CI, the NSF Cybersecurity Center of Excellence is comprised of cybersecurity experts who have spent decades working with science and engineering communities.

Accolite Digital

Accolite Digital

Accolite is an innovative, design thinking software company that guarantees seamless digital experiences with maximum results.

Activu

Activu

Activu makes any information visible, collaborative, and proactive for people tasked with monitoring critical operations including network security.

European Cyber Competence Network

European Cyber Competence Network

The purpose of the European Cyber Competence Network is to retain and develop the cybersecurity technological and industrial capacities of the EU necessary to secure its Digital Single Market.

DTS Systeme

DTS Systeme

DTS Systeme is an IT service provider with a focus on the core areas of datacenter, technologies and IT security.

Sweet Security

Sweet Security

Sweet Security delivers Runtime Attack Security for Cloud Workloads.

SPIE Switzerland

SPIE Switzerland

SPIE Switzerland AG, a subsidiary of the SPIE Group, is a Swiss full-service provider of ICT, multi-technical and integral facility services.

CyberForce Global

CyberForce Global

CyberForce Global are at the forefront of start-up technology recruitment in areas including cybersecurity, IT infrastructure, software, fintech, blockchain and more.

Morrow Global Network

Morrow Global Network

Morrow is the global venture network for venture accelerators, studios, hubs, and their visionary leaders.

DarkHorse Security

DarkHorse Security

DarkHorse exists to make it easy and affordable for organizations to be able to identify their cybersecurity vulnerabilities.