Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Cybercrime

Email Scam Nets $214 Million in 14 Months: FBI

Washington  – An email scam which targets businesses with bogus invoices has netted more than $214 million from victims in 45 countries in just over one year, an FBI task force said Thursday.

Washington  – An email scam which targets businesses with bogus invoices has netted more than $214 million from victims in 45 countries in just over one year, an FBI task force said Thursday.

The Internet Crime Complaint Center, a joint effort of the FBI and the nonprofit National White Collar Crime Center, said the losses were calculated from October 1, 2013 to December 1, 2014.

In the scheme, fake invoices are delivered to businesses which deal with overseas suppliers, asking for payment by wire transfer.

“The fraudulent wire transfer payments sent to foreign banks may be transferred several times but are quickly dispersed,” the task force said in a statement.

“Asian banks, located in China and Hong Kong, are the most commonly reported ending destination for these fraudulent transfers.”

The scam has claimed 1,198 US victims and 928 in other countries, according to the statement. US firms have lost more than $179 million of the total.

The FBI “believes the number of victims and the total dollar loss will continue to increase,” the statement said.

Advertisement. Scroll to continue reading.

In one version of the scheme, a business which works with overseas supplier is contacted by phone, fax or email asking for payment. The emails are “spoofed” to look as if they came from the legitimate supplier. Phone and fax requests also appear genuine.

In another version, email accounts of high-level executives are compromised to allow the criminals to request a wire transfer, often including instructions to “urgently send” funds.

A third version of the scheme involves the hacking of an employee’s email account, which then sends out bogus invoices to vendors or suppliers.

The FBI task force said vulnerable businesses should avoid using free Web-based emails for official accounts and to exercise caution about posting company information on websites and social media.

The group also suggests additional security steps such as two-step verification or digital signatures.

“Always verify via other channels that you are still communicating with your legitimate business partner,” the statement said.

Written By

AFP 2023

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

SecurityWeek’s Threat Detection and Incident Response Summit brings together security practitioners from around the world to share war stories on breaches, APT attacks and threat intelligence.

Register

Securityweek’s CISO Forum will address issues and challenges that are top of mind for today’s security leaders and what the future looks like as chief defenders of the enterprise.

Register

Expert Insights

Related Content

Cybercrime

The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.

Cybercrime

Luxury retailer Neiman Marcus Group informed some customers last week that their online accounts had been breached by hackers.

Cybercrime

As it evolves, web3 will contain and increase all the security issues of web2 – and perhaps add a few more.

Cybercrime

A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...

Cybercrime

Satellite TV giant Dish Network confirmed that a recent outage was the result of a cyberattack and admitted that data was stolen.

Cybercrime

Zendesk is informing customers about a data breach that started with an SMS phishing campaign targeting the company’s employees.

Artificial Intelligence

The release of OpenAI’s ChatGPT in late 2022 has demonstrated the potential of AI for both good and bad.

Artificial Intelligence

The degree of danger that may be introduced when adversaries start to use AI as an effective weapon of attack rather than a tool...