Over the past three years, victims in the United States alone have lost over $960 million to fraudulent email scams. That is nearly a billion dollars! Actually, closer to 3 billion, as FBI figures that include global data from international law enforcement and financial groups show a loss totaling $3.1 billion. Even worse, if you think about the 22,143 victims, that is a pretty hefty chunk of cash demanded of each victim.
Scammers “pretend” to be a business executive at a firm, company, or trusted supplier, and easily fool members of the organization into thinking that the claims are legitimate. I use the word pretend loosely, as not much is needed for hackers to get into character and slide by any suspicion. By hacking into email accounts within an organization, scammers are able to gain control of email and send off as many fake emails as they wish. The email may contain something mentioning a wire transfer of money. We call this type of cybercrime “CEO Fraud” and “The Supplier Swindle”. This type of crime is not limited to internal email access; some hackers choose to create fake email accounts that may resemble those of the CEO or suppliers. In other cases scammers pretend to be lawyers who are handling confidential matters and therefore force the victim into giving up the cash. So far such scams have requested wire transfers to over 79 countries, with most, according to the FBI, going to banks located in China and Hong Kong.
The FBI also noted that occasionally, and without warning, hackers will follow up this CEO Fraud with a ransomware attack. In these cases victims have received emails that contain links or attachments that, when clicked, begin the installation of malware on the host. If opened, data becomes unavailable and the hacker has all the power until the ransom is met, if they even decide to let up once that ransom is met.
The FBI has provided a little insight into avoiding such attacks, letting us know that these scams are planned carefully and not every company is a target. Company employees are advised to be extra careful when posting to social media, or otherwise broadcasting information. As we have all heard before, spam and any unfamiliar emails or attachments should not be opened. The FBI also warns that any and all wire transfers should be verified with phone calls between parties. Not a
There are ways to ward off the danger, although the advice doesn’t leave us feeling totally secure. The FBI said the scammers study their targets carefully, so company employees should be careful about what professional details they post to social media. Spam should never be opened, and any wire transfers should be verified with telephone calls between the subjects. It has been shown that at least 31 percent of the time the scammers use an account pretending to be the CEO, so keep that in mind.
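As an added example (not from the original post or the FBI), here is one way a mail filter could flag the lookalike accounts described above: an executive's display name on an outside address, or a sender domain a character or two away from the company's, combined with a wire transfer request. The company domain, executive name, finding labels and sample messages are all constructed assumptions.

```python
from email import message_from_string
from email.utils import parseaddr

COMPANY_DOMAIN = "example.com"   # assumption: the organization's real mail domain
EXECUTIVES = {"jane doe"}        # assumption: display names of executives, lowercased

def edit_distance(a, b):
    """Levenshtein distance, used to spot near-miss domains such as examp1e.com."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def check_message(raw):
    """Return a list of findings for one raw RFC 5322 message."""
    msg = message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    findings = []
    if domain != COMPANY_DOMAIN:
        # Executive's name shown to the reader, but the address is not ours.
        if name.strip().lower() in EXECUTIVES:
            findings.append("executive-name-external-address")
        # Domain differs from ours by one or two characters.
        if edit_distance(domain, COMPANY_DOMAIN) <= 2:
            findings.append("lookalike-domain")
    body = " ".join(p.get_payload() for p in msg.walk()
                    if p.get_content_type() == "text/plain")
    # Only escalate the payment wording when the sender already looks wrong.
    if findings and "wire transfer" in body.lower():
        findings.append("wire-transfer-request")
    return findings

# Constructed sample messages (not real traffic).
LOOKALIKE = ('From: "Jane Doe" <jane.doe@examp1e.com>\n'
             'Subject: Urgent\n\nPlease send a wire transfer today.\n')
INTERNAL = ('From: "Jane Doe" <jane.doe@example.com>\n'
            'Subject: Urgent\n\nPlease send a wire transfer today.\n')
NEWSLETTER = ('From: "Vendor News" <news@vendor.org>\n'
              'Subject: June update\n\nOur new catalogue is out.\n')

if __name__ == "__main__":
    for sample in (LOOKALIKE, INTERNAL, NEWSLETTER):
        print(check_message(sample))
```

The second sample returns no findings because it comes from the real company domain, which is the hacked-internal-account case; a filter like this cannot catch it, so verifying wire transfers by phone still applies.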
If you would like to educate yourself in more detail about the information presented in this blog post please visit: Companies pay out billions to fake-CEO email scams