Washington – An email scam which targets businesses with bogus invoices has netted more than $214 million from victims in 45 countries in just over one year, an FBI task force said Thursday.
The Internet Crime Complaint Center, a joint effort of the FBI and the nonprofit National White Collar Crime Center, said the losses were calculated from October 1, 2013 to December 1, 2014.
In the scheme, fake invoices are delivered to businesses which deal with overseas suppliers, asking for payment by wire transfer.
“The fraudulent wire transfer payments sent to foreign banks may be transferred several times but are quickly dispersed,” the task force said in a statement.
“Asian banks, located in China and Hong Kong, are the most commonly reported ending destination for these fraudulent transfers.”
The scam has claimed 1,198 US victims and 928 in other countries, according to the statement. US firms have lost more than $179 million of the total.
The FBI “believes the number of victims and the total dollar loss will continue to increase,” the statement said.
In one version of the scheme, a business which works with overseas supplier is contacted by phone, fax or email asking for payment. The emails are “spoofed” to look as if they came from the legitimate supplier. Phone and fax requests also appear genuine.
In another version, email accounts of high-level executives are compromised to allow the criminals to request a wire transfer, often including instructions to “urgently send” funds.
A third version of the scheme involves the hacking of an employee’s email account, which then sends out bogus invoices to vendors or suppliers.
The FBI task force said vulnerable businesses should avoid using free Web-based emails for official accounts and to exercise caution about posting company information on websites and social media.
The group also suggests additional security steps such as two-step verification or digital signatures.
“Always verify via other channels that you are still communicating with your legitimate business partner,” the statement said.
More from AFP
- US State Department Says 60,000 Emails Taken in Alleged Chinese Hack
- UK Minister Warns Meta Over End-to-End Encryption
- ‘Cybersecurity Incident’ Hits ICC
- China Says No Law Banning iPhone Use in Govt Agencies
- Spies, Hackers, Informants: How China Snoops on the West
- Meta Fights Sprawling Chinese ‘Spamouflage’ Operation
- Two Men Arrested Following Poland Railway Hacking
- UK Court Concludes Teenager Behind Huge Hacking Campaign
Latest News
- Bankrupt IronNet Shuts Down Operations
- AWS Using MadPot Decoy System to Disrupt APTs, Botnets
- Generative AI Startup Nexusflow Raises $10.6 Million
- In Other News: RSA Encryption Attack, Meta AI Privacy, ShinyHunters Hacker Guilty Plea
- Researchers Extract Sounds From Still Images on Smartphone Cameras
- National Security Agency is Starting an Artificial Intelligence Security Center
- CISA Warns of Old JBoss RichFaces Vulnerability Being Exploited in Attacks
- Hackers Set Sights on Apache NiFi Flaw That Exposes Many Organizations to Attacks
