FBI shares tips in defense against Business Email Compromise scams
The Business Email Compromise scam has been around for a few years but, as a new analysis from the Federal Bureau of Investigation's Internet Crime Complaint Center shows, it is a scam that has grown so large that it costs American companies hundreds of millions of dollars a year.
Worldwide, this scam racked up more than $5 billion in losses or attempted losses between October 2013 and December 2016.
There are a number of variations on how this scam works, but here are the basics:
The fraudster either spoofs an email account or is able to hack an account at a victim company. The fraudster then sends an invoice to a second company demanding payment. Both companies typically have a long-standing relationship, and that invoice doesn't look out of the ordinary. The fraudster arranges for the funds to be wired to an account he controls.
In a variation of this scam, the fraudster gets control of an email account belonging to an executive at the victim company — a CEO, CFO or the like. Using that executive's persona, he sends a request to the finance department asking for a payment to be wired to another vendor immediately. The unsuspecting employee makes the transaction happen quickly to keep the boss happy. Regardless of how the scam plays out, the victim company suffers the loss.
So what can businesses do? Here are a few options: