advertisement
advertisement
advertisement

Cyber Thieves Stole $215 Million From Businesses By Using Hacked Email Addresses

Cyber Thieves Stole $215 Million From Businesses By Using Hacked Email Addresses

Here’s a nightmare scenario: You’re working in the accounts department, when you receive an email from your boss, asking that you urgently wire one of the company’s foreign suppliers a five-figure sum that has been somehow missed. You do, and then you email your boss to let him or her know–only to receive an email back that reads, “Which wire transfer?”

Yep, you’ve been scammed–and according to a recent alert from the FBI, it’s one that cyber thieves have used to pilfer almost $215 million from businesses over the past 14 months. The scam works when business executives have their email accounts compromised, at which point the scammers go into action.

Rather than spamming thousands of people at a time as with a regular email scam, the “business email compromise” (BEC) swindle specifically targets businesses known to work with foreign suppliers or other businesses, and to routinely use wire transfer payments.

“The requests for wire transfers are well-worded, specific to the business being victimized, and do not raise suspicions to the legitimacy of the request,” the FBI warned. “In some instances a request for a wire transfer from the compromised account is sent directly to the financial institution with instructions to urgently send funds to bank ‘X’ for reason ‘Y.’”

Scammers may even be smart enough to know when executives are away on business, and therefore not likely to know that a scam has taken place using their address. In preparation, some victims have reported receiving “phishing” emails asking for details of businesses or individuals being targeted.

It’s a timely reminder that, no matter how great email and other tech-aided communication forms may be, sometimes you can’t beat a bit of face-to-face communication. Or, at the very least, a telephone call.

[via KrebsOnSecurity]LD