FBI Warning on CEO Fraud
If your business uses computers, the FBI has just put out a warning you might want to pay attention to. According to the federal agency, there has been a dramatic increase in business email compromise (BEC) scams. Also known as CEO fraud, it amounts to $2.3 billion in losses annually.
Scammers typically do research in order to replicate a company’s internal email or impersonate an associated vendor or attorney. In some cases they pretend to be the CEO. By looking into employees that are involved in dealing with money, they can then use language that is specific to this particular business in order to request a wire transfer of a dollar amount that sounds legitimate to their day to day operation.
Many of the victims are businesses that have foreign suppliers or regularly wire money, but the targets of these are everything from non-profits, to tech firms, to large corporations. The FBI has seen a 270% increase in CEO fraud since the beginning of 2015, with complaints from victims in every state and 79 countries.
The average loss for a business taken in by a BEC scam is between $25,000 and $75,000, but a few common sense practices can help you avoid becoming a victim. Like in every other aspect of web security, it’s a good idea to use multi-level authentication and be on the lookout for spoofed email addresses. You should also be wary of any allegedly urgent wire transfer request that comes through email. Also, take the extra step to reach out and contact that person or organization to verify their identity. Simulated phishing attacks is a good way to get employees familiar with tactics scammers use in order to recognize attacks when they happen.
If you find that you’ve been the victim of a BEC scam the most important thing to do is notify your financial institution to stop any payments. You can go a step further by requesting that they contact the institution where the transfer was sent. Regardless of whether or not or how much money was lost, contact the Internet Crime Complaint Center (IC3). Working in conjunction with other agencies including the FBI, the IC3 not only tracks cybercrime complaints, it acts as a central reporting organization that notifies the appropriate law enforcement agency based on the nature of the crime.