Newsroom

A new FBI alert estimated that fraud losses linked to business email scams worldwide totaled more than $1.2 billion from October 2013 through August 2015 – though experts say the losses could be higher as some incidents go unreported.

Financial fraud expert Shirley Inscoe, an analyst at consultancy Aite, told Credit Union Information Security that these losses are an understatement because "many companies are not reporting them to the FBI due to embarrassment, lack of knowledge of where to turn, or the realization that there is no chance of retrieving their funds."

Business email compromise scams, or BEC scams, typically target someone within a company with the authority to wire funds by impersonating their company executive or an outside vendor asking for funds to be transferred. Funds are usually wired because the request seems legitimate.

The FBI alert said there has been a 270 percent increase in identified victims and known losses resulting from these BEC scams since January. This scam has been reported in all 50 states and in 79 countries.

Tom Kellermann, chief cybersecurity officer at the security firm Trend Micro, told CU Info Security that businesses' procedures should require that all transfer-of-funds requests be verified and that employees should be specifically trained to examine the URLs from which emails are sent to know if they are valid.

Fraud expert Avivah Litan, an analyst at the consultancy Gartner, also suggested in the article that financial institutions use identify-proofing technology, such as what they use for the remote-deposit capture of check images from mobile phones, which would verify the identity of who is requesting the transfer.