Newsroom

FBI recently noted that cyber thieves stole close to $215 million from businesses over the last 14 months in a scam that begins with hacking a business executive's or employee's email account.

Brian Krebs, author of KrebsonSecurity.com, reported on the FBI alert and said federal investigators refer to this kind of hack as "business email compromise" and said it often victimizes businesses with foreign suppliers or those that commonly perform wire transfer payments.

Krebs highlighted new data from the Internet Crime Complaint Center – a partnership between the National White Collar Crime Center and FBI. The new statistics resulting from this scam from Oct. 1, 2013, through Dec. 1, 2014, show:

• 1,198 total U.S. victims;
• a U.S. dollar loss of nearly $179.8 million;
• 928 non-U.S. victims; and
• a non-U.S. dollar loss of more than $35.2 million.

Krebs described one example of this kind of scam as "CEO fraud": It starts with a high-level executive's email account being compromised, followed with the fraudster posing as that executive and sending a wire transfer request to someone else in the company who can fulfill it.

The FBI warned that "the requests for wire transfers are well-worded, specific to the business being victimized, and do not raise suspicions to the legitimacy of the request." The agency encouraged businesses to adopt better email authentication measures and use other means of communication, such as a telephone call, to confirm transactions.