FBI: Business Phishing Attacks Net Cyber Thieves $3.1 Billion - InformationWeek

Phishing attacks against companies have soared dramatically over the past 18 months, and losses have climbed into the billions, according to an FBI advisory issued this week.

FBI officials issued an alert this week that phishing attacks targeted at businesses worldwide have soared to a $3.1 billion scam in the past 18 months. A new technique employing data theft has been put into play since this latest tax season.

Specifically, the FBI focused on business email compromise (BEC) scams as the root cause of this increase. According to the bureau's June 14 alert:

The BEC scam continues to grow, evolve, and target businesses of all sizes. Since January of 2015, there has been a 1,300% increase in identified exposed losses. The scam has been reported by victims in all 50 states and in 100 countries. Reports indicate that fraudulent transfers have been sent to 79 countries with the majority going to Asian banks located within China and Hong Kong.

Cyber-criminals spend time studying and monitoring their potential victims before launching the scam, learning to accurately identify them and the protocols needed to conduct wire transfers from their specific company or business environment to the would-be cyber thieves.

(Image: YvanDube/iStockphoto)

Armed with this knowledge, cyber-criminals go to work in a targeted fashion, specifically by impersonating the CEO or some other high-level executive at the company to extract money or additional information that could lead to financial gain down the line, according to the bureau.

The FBI advisory noted there are five scenarios that cyber-attackers use in these BEC scams, of which one is relatively new. It emerged with this year's tax season.

When the FBI issued its warning in April about the new BEC scam that involved data theft, the losses to companies worldwide stood at $2.3 billion. In a mere two months, the losses mushroomed by $800 million to reach $3.1 billion today.

Under this new scenario, the attackers request either wage or tax statement information, like W-2s, or a company list of Personally Identifiable Information (PII). The employees from whom cyber-criminals request these items typically work in human resources, bookkeeping, or auditing departments.

  • In one of the other four business email scams, the con artist dupes a foreign supplier through email, a fax, or a phone call, into wiring an invoice payment to a bogus account.
  • A second scam requires the hijacking of a company executive's email account and sending a request to an employee who normally processes wire transfers, asking that funds be wired to bank X, which the attacker can access.
  • A third scam involves hacking an employee's personal email account and using it to send invoice payment requests to various vendors that the company uses. The funds are then deposited into the cyber thieves' bank account.
  • Finally, the FBI notes a scam involving a cyber-criminal who poses as an attorney in an email or a phone call and claims to be handling a time-sensitive or confidential matter. The cyber-criminal pressures the employee to transfer funds into a bogus account.

The FBI suggests victims notify the agency and file a complaint, regardless of the size of the loss.

Dawn Kawamoto is an Associate Editor for Dark Reading, where she covers cybersecurity news and trends. She is an award-winning journalist who has written and edited technology, management, leadership, career, finance, and innovation stories for such publications as CNET's ...
