Ride the Lightning

Cybersecurity and Future of Law Practice Blog
by Sharon D. Nelson Esq., President of Sensei Enterprises, Inc.

FBI Warns That E-mail Scams Have Cost Businesses $1.2 Billion Since 2013

September 3, 2015

Naked Security recently reported on the FBI's warning to businesses to be alert for phishing e-mails. These are often targeted attacks, in which e-mails appear to come from a colleague or trusted supplier.

The FBI calls this family of scams "Business Email Compromise" (BEC) scams. Since October 2013, BEC scams have cost businesses around the world over $1.2 billion, according to the agency. While losses in some 80 countries were tallied up, U.S. businesses were hit the hardest: 7,000 U.S. businesses have reported $747 million in losses, with an average loss of $130,000.

The scammers, who appear to be members of organized crime groups operating out of Africa, Eastern Europe and the Middle East, are targeting businesses that work with overseas suppliers or regularly make wire transfer payments. But instead of sending funds to legitimate suppliers, the money transfers end up in bank accounts controlled by the criminals, mostly with banks based in China.

The scammers succeed by compromising legitimate email accounts through social engineering or malware that steals account credentials. They then use access to e-mail accounts to gather information about billing and invoices that won't raise the suspicion of employees who send transfer payments.
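The two lures described above (a message that appears to come from a colleague, and one that appears to come from a trusted supplier) leave traces in message headers that a mail gateway or triage script can check before anyone in finance acts on them. The following is an added example, not code from the original post or from the FBI or Sophos: it scores constructed sample messages for three indicators a defender commonly looks for, a display name matching a known staff member but an external address, a Reply-To domain that differs from the From domain, and a sender domain within a small edit distance of an internal or known-supplier domain. The staff directory, supplier list and sample messages are all hypothetical values made up for this example.

```python
from email.utils import parseaddr

# Hypothetical staff directory and supplier list (constructed for this example).
INTERNAL_DOMAIN = "example-law.com"
STAFF = {
    "Jane Partner": "jane.partner@example-law.com",
    "Tom Finance": "tom.finance@example-law.com",
}
KNOWN_SUPPLIER_DOMAINS = {"acme-supplies.com"}
PAYMENT_WORDS = ("wire", "urgent", "payment", "invoice", "bank")


def domain_of(addr):
    """Lower-cased domain part of an address, or '' if there is none."""
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""


def edit_distance(a, b):
    """Levenshtein distance; small values between domains suggest a lookalike."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def bec_indicators(headers):
    """Return the list of BEC indicators found in one message's header dict."""
    display_name, from_addr = parseaddr(headers.get("From", ""))
    from_dom = domain_of(from_addr)
    _, reply_addr = parseaddr(headers.get("Reply-To", ""))
    reply_dom = domain_of(reply_addr)
    hits = []

    # A colleague's name on an address that is not that colleague's real mailbox.
    if display_name in STAFF and from_addr.lower() != STAFF[display_name].lower():
        hits.append("display-name-impersonation")

    # Replies silently routed to a different domain than the visible sender.
    if reply_dom and reply_dom != from_dom:
        hits.append("reply-to-mismatch")

    # Sender domain that is almost, but not quite, one we trust.
    for known in sorted(KNOWN_SUPPLIER_DOMAINS | {INTERNAL_DOMAIN}):
        if from_dom != known and edit_distance(from_dom, known) <= 2:
            hits.append("lookalike-domain:" + known)

    # Payment language only matters once another indicator is present.
    subject = headers.get("Subject", "").lower()
    if hits and any(word in subject for word in PAYMENT_WORDS):
        hits.append("payment-lure")
    return hits


# Constructed sample messages: two lures in the style the post describes, one benign.
SAMPLE_MESSAGES = [
    {"From": '"Jane Partner" <jane.partner@gmail.com>',
     "Subject": "Urgent wire transfer before close of business"},
    {"From": '"Accounts" <billing@acme-supplles.com>',
     "Reply-To": "billing@acme-supplles.com",
     "Subject": "Updated bank details for invoice 4471"},
    {"From": '"Tom Finance" <tom.finance@example-law.com>',
     "Subject": "Lunch on Thursday?"},
]


def triage(messages):
    """Map each subject to its indicator list so a reviewer can sort by risk."""
    return {m["Subject"]: bec_indicators(m) for m in messages}


if __name__ == "__main__":
    for subject, hits in triage(SAMPLE_MESSAGES).items():
        print(("FLAG  " if hits else "ok    ") + subject, hits)
```

The lookalike check deliberately uses a small threshold (two edits) because transposed or substituted letters in a supplier's domain are the common case; a larger threshold produces noise on short domains. None of these indicators is proof on its own, which is why the script returns the list for a human to review rather than blocking outright.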

BEC e-mail scams are proliferating rapidly – up 270% since the beginning of 2015.

What to do? Naked Security and Sophos expert Paul Ducklin offer the following tips:

  • Revisit your outbound e-mail filtering rules to prevent sensitive information from going out to inappropriate destinations.
  • Require multiple approvals for overseas wire transfers.
  • Have strict controls over changes in payment details or the creation of new accounts.
  • Use strong passwords and consider two-factor authentication (2FA) to make it harder for crooks to gather intelligence from your network in the first place.
  • Consider a "back to base" VPN for remote users so their online security is kept up, even on the road.
  • Have your own "central reporting" system, in the manner of IC3, where staff can call in suspicious messages, to prevent crooks from trying different employees with the same scam until a weak spot is found.
  • Think twice about publicly posting personnel information that could be abused in phishing attacks.
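The second and third tips (multiple approvals for overseas wires, strict control over changed payment details) are the controls that stop a BEC message from turning into a loss even after it has fooled one employee. As an added example that is not from the post or from Sophos, here is one way to encode those two rules so a payment system refuses to release funds until they are met: an overseas transfer needs two distinct approvers who are not the requester, and any destination account that differs from the supplier's account on file must have been confirmed by a call to the phone number already on file rather than one taken from the e-mail. The supplier, request and threshold values are hypothetical.

```python
from dataclasses import dataclass, field

HOME_COUNTRY = "US"
REQUIRED_APPROVALS_OVERSEAS = 2   # assumed policy value, not from the post
REQUIRED_APPROVALS_DOMESTIC = 1


@dataclass
class Supplier:
    name: str
    country: str
    account_on_file: str          # the account the supplier registered in person


@dataclass
class WireRequest:
    supplier: Supplier
    amount: float
    destination_account: str
    requested_by: str
    approvers: set = field(default_factory=set)
    # True only when finance called the supplier back on the number on file.
    bank_change_verified_by_callback: bool = False


def release_decision(req):
    """Return (allowed, reasons); an empty reasons list means funds may go out."""
    reasons = []

    # Tip: strict controls over changes in payment details.
    if req.destination_account != req.supplier.account_on_file:
        if not req.bank_change_verified_by_callback:
            reasons.append("destination account differs from account on file "
                           "and was not verified by callback")

    # Tip: multiple approvals for overseas wire transfers, with segregation of duties.
    needed = (REQUIRED_APPROVALS_OVERSEAS if req.supplier.country != HOME_COUNTRY
              else REQUIRED_APPROVALS_DOMESTIC)
    valid_approvers = {a for a in req.approvers if a != req.requested_by}
    if len(valid_approvers) < needed:
        reasons.append(f"needs {needed} approval(s) from people other than the "
                       f"requester, has {len(valid_approvers)}")

    return (not reasons, reasons)


# Constructed scenario: the supplier is overseas and the e-mail asked for a "new" account.
ACME = Supplier("Acme Supplies", "CN", "ACCT-ON-FILE-001")

SCENARIOS = {
    "email-changed-account": WireRequest(ACME, 48000.0, "ACCT-FROM-EMAIL-999",
                                         "tom", approvers={"tom", "jane"}),
    "verified-and-dual-approved": WireRequest(ACME, 48000.0, "ACCT-FROM-EMAIL-999",
                                              "tom", approvers={"jane", "maria"},
                                              bank_change_verified_by_callback=True),
    "routine-to-account-on-file": WireRequest(ACME, 1200.0, "ACCT-ON-FILE-001",
                                              "tom", approvers={"jane", "maria"}),
}


def evaluate_all(scenarios):
    """Run every scenario and return name -> allowed flag."""
    return {name: release_decision(req)[0] for name, req in scenarios.items()}


if __name__ == "__main__":
    for name, req in SCENARIOS.items():
        allowed, reasons = release_decision(req)
        print(name, "RELEASE" if allowed else "HOLD", reasons)
```

Note that the first scenario is held for two reasons at once: the requester counted himself as an approver, and the account came from the message rather than the supplier record. Making the callback flag a separate, deliberate field is the point; a scam succeeds precisely when "the supplier told us the new account in the e-mail" is treated as verification.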

E-mail:    Phone: 703-359-0700
Digital Forensics/Information Security/Information Technology
http://www.senseient.com
http://twitter.com/sharonnelsonesq
www.linkedin.com/in/sharondnelson