Email Scams: Criminals Try To Steal $3bn

Criminals have tried to snatch more than $3bn from companies globally by pretending to be executives and using fake email accounts, an increase of 50 per cent over 10 months, according to the Federal Bureau of Investigation.

More than 22,000 businesses have been hit by the scam, known as “business email compromise”, with $3bn in actual and attempted losses between October 2013 and May this year. That is up from $1.2bn reported from October 2013 until the end of August 2015, the FBI said.

Of the $3bn, $960m was targeted at 14,000 victims in the US, according to FBI data. About a quarter of those victims wired money overseas.

The scam involves a criminal mimicking the email of a chief executive, lawyer or adviser and ordering an employee to wire money to an account overseas. By the time the employee realizes he has been tricked, the cash has usually been withdrawn.

The rapid increase is due to better reporting of alleged scams by victim companies and better classification of the crime globally, said Mitchell Thompson, a supervisory special agent and head of the financial cyber-crimes task force in the FBI’s New York office. Within the past few months more than 600 complaints have landed on his desk.

This year in the US, criminals have been targeting property companies to steal closing fees on housing sales. Some companies have been asked by imposters to email employee wage and tax statements.

The FBI said that companies were most successful in foiling criminals if they reported an attempted fraud within the first 72 hours, the window during which authorities can most often freeze accounts and retrieve cash.

Recently, FBI officials also warned businesses about the rise in ransomware, which is estimated to have resulted in losses of more than $50m since 2005. Nearly half of that was reported last year. This year, criminals have been targeting healthcare companies and universities.

Richard Jacobs, the assistant special agent in charge of the cyber branch in the FBI’s New York bureau, said that he was anticipating an increase in ransom attacks on mobile devices, which are vulnerable because people routinely log on to their bank accounts, store passwords and access other sensitive information on them.

In a ransomware attack, criminals gain control of a computer or network through a phishing email scheme, or steal credentials after a user visits an infected website. Once inside, they encrypt the data and demand a ransom, usually in bitcoin, to unfreeze it.

“There is a business model in some respects for criminals because they perceive it to be lucrative,” Mr. Jacobs said. “This threat is something that is continually evolving.”

The FBI officials said that they did not condone paying a ransom, but recognised that for some companies it was a business decision to get their operations back up and running.

FT

 
