CEO Fraud Costs a Single Business $100 Million
In what the FBI says is the largest case of Business Email Compromise (BEC), or CEO Fraud, an unknown American company lost $100 million to scammers. In CEO Fraud, criminals research the employees of companies that do business with foreign suppliers to find out who handles their wire transfers. They then social-engineer that employee with phishing emails into transferring money to an account controlled by the scammers.
The theft went public after the US government sought to recover $25 million of the lost funds, held in over 20 different foreign banks, by filing a civil forfeiture lawsuit in a Manhattan court. While most of the other $75 million has already been recovered, the rest has been laundered through financial institutions spread around the world. Law enforcement agencies have frozen 20 accounts worldwide in places like Cyprus, Estonia, Latvia, Slovakia, Lithuania, Hungary, and Hong Kong that were part of the operation.
The crime was discovered only after a bank in Cyprus identified and flagged the suspicious transfers. Scammers had tricked the company into sending $98.9 million to Eurobank Cyprus Ltd. rather than to their vendor.
As in every other aspect of web security, it’s a good idea to use multi-level authentication and to be on the lookout for spoofed email addresses. You should also be wary of any allegedly urgent wire transfer request that comes through email, and take the extra step of contacting that person or organization to verify their identity. Simulated phishing attacks are a good way to familiarize employees with the tactics scammers use, so that they recognize attacks when they happen.
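The warning signs above can also be checked automatically before a payment request reaches the person who handles wire transfers. The following is an added example, not code from the original article: the function names, keyword lists, distance threshold and sample message are all assumptions made for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumed keyword lists; tune them to your own payment workflow.
URGENT = re.compile(r"\b(urgent|immediately|asap|today|confidential)\b", re.I)
PAYMENT = re.compile(r"\b(wire|transfer|payment|bank details|account number)\b", re.I)

def edit_distance(a, b):
    """Levenshtein distance, used to spot look-alike sender domains."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def domain_of(header_value):
    """Lower-cased domain of the address in a From/Reply-To header ('' if absent)."""
    return parseaddr(header_value or "")[1].rpartition("@")[2].lower()

def bec_signals(raw_message, known_domains):
    """Return the reasons a message should be verified out of band."""
    msg = message_from_string(raw_message)
    sender = domain_of(msg["From"])
    reply_to = domain_of(msg["Reply-To"])
    text = f"{msg['Subject'] or ''}\n{msg.get_payload()}"
    signals = []
    if sender not in known_domains:
        # Within two edits of a known domain is treated as an imitation of it.
        near = [d for d in sorted(known_domains) if edit_distance(sender, d) <= 2]
        signals.append(f"lookalike-domain:{sender}~{near[0]}" if near
                       else f"unknown-domain:{sender}")
    if reply_to and reply_to != sender:
        signals.append(f"reply-to-mismatch:{reply_to}")
    if URGENT.search(text) and PAYMENT.search(text):
        signals.append("urgent-payment-request")
    return signals

# Constructed sample: "examp1e-supplier.test" imitates the known vendor domain.
SAMPLE = """\
From: "Jane Doe (CEO)" <jane.doe@examp1e-supplier.test>
Reply-To: jane.doe@mailbox.test
Subject: Urgent wire transfer

Please send the payment to the new account today and keep this confidential.
"""
KNOWN = {"example-supplier.test", "victim.test"}
```

Any non-empty result is a reason to hold the transfer and confirm the request through a contact channel already on file, not through the email itself.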
According to the FBI, companies have lost $2.3 billion to CEO Fraud since October of 2013. If you think that you or your business might be at risk, contact us for a consultation.