Phishing attacks against companies have soared dramatically over the past 18 months, and losses have climbed into the billions, according to an FBI advisory issued this week.

Dawn Kawamoto, Associate Editor, Dark Reading

June 15, 2016

3 Min Read
<p align="left">(Image: YvanDube/iStockphoto)</p>

10 Stupid Moves That Threaten Your Company's Security

10 Stupid Moves That Threaten Your Company's Security


10 Stupid Moves That Threaten Your Company's Security (Click image for larger view and slideshow.)

FBI officials issued an alert this week that phishing attacks targeted at businesses worldwide have soared to a $3.1 billion scam in the past 18 months. A new technique employing data theft has been put into play since this latest tax season.

Specifically, the FBI focused on business email compromise (BEC) scams as the root cause of this increase. According to the bureau's June 14 alert:

The BEC scam continues to grow, evolve, and target businesses of all sizes. Since January of 2015, there has been a 1,300% increase in identified exposed losses. The scam has been reported by victims in all 50 states and in 100 countries. Reports indicate that fraudulent transfers have been sent to 79 countries with the majority going to Asian banks located within China and Hong Kong.

Cyber-criminals are spending time studying and monitoring their potential victims to get to know them before launching the scam, learning to accurately identify them and protocols needed to conduct wire transfers from their specific company or business environment to the would be cyber thieves.

Armed with this knowledge, cyber-criminals go to work in a targeted fashion, specifically by impersonating the CEO or some other high-level executive at the company to extract money or additional information that could lead to financial gain down the line, according to the bureau.

The FBI advisory noted there are five scenarios that cyber-attackers use in these BEC scams, of which one is relatively new. It emerged with this year's tax season.

When the FBI issued its warning in April about the new BEC scam that involved data theft, the losses to companies worldwide stood at $2.3 billion. In a mere two months, the losses mushroomed by $800 million to reach $3.1 billion today.

[Read about the worst security threats that hide in plain site.]

Under this new scenario, the attackers request either wage or tax statement information, like W-2s, or a company list of Personally Identifiable Information (PII). The employees who cyber-criminals request these items from typically work in human resources, bookkeeping, or the auditing departments.

  • In one of the other four business email scams, the con artist dupes a foreign supplier through email, a fax, or a phone call, into wiring an invoice payment to a bogus account.

  • A second scam requires the hijacking of a company executive's email account and sending a request to an employee who normally processes wire transfers, asking that funds be wired to bank X, which the attacker can access.

  • A third scam involves hacking an employee's personal email account and using it to send invoice payment requests to various vendors that the company uses. The funds are then deposited into the cyber thieves' bank account.

  • Finally, the FBI notes a scam involving a cyber-criminal who poses as an attorney in an email or a phone call and claims to be handling a time-sensitive or confidential matter. The cyber-criminal pressures the employee to transfer funds into a bogus account.

The FBI suggests victims notify the agency and file a complaint, regardless of the size of the loss.

About the Author(s)

Dawn Kawamoto

Dawn Kawamoto

Associate Editor, Dark Reading

Dawn Kawamoto is an Associate Editor for Dark Reading, where she covers cybersecurity news and trends. She is an award-winning journalist who has written and edited technology, management, leadership, career, finance, and innovation stories for such publications as CNET's News.com, TheStreet.com, AOL's DailyFinance, and The Motley Fool. More recently, she served as associate editor for technology careers site Dice.com.

See more from Dawn Kawamoto
Never Miss a Beat: Get a snapshot of the issues affecting the IT industry straight to your inbox.
SIGN-UP

You May Also Like

More Insights
Webinars
More Webinars
Reports
More Reports

Editor's Choice

NHL's Calgary Flames at New Jersey Devils on February 8, 2024 in Newark, NJ
IT Infrastructure
NHL, Presidio, and a Transformation Power Move with Hybrid CloudNHL, Presidio, and a Transformation Power Move with Hybrid Cloud
byJoao-Pierre S. Ruth
Apr 5, 2024
6 Min Read
Online Privacy Security Threat Abstract Background Art
Cyber Resilience
Cyber Risks When Job Hunters Become the HuntedCyber Risks When Job Hunters Become the Hunted
byCarrie Pallardy
Apr 9, 2024
9 Min Read
Business innovative solution and creative concept as a paper boat tied to a light bulb
IT Leadership
9 Ways to Ensure Continuous Innovation9 Ways to Ensure Continuous Innovation
byLisa Morgan
Apr 2, 2024
9 Slides
Hand charging an electric car, leaves and butterflies emerge from the cars exhaust, idea of sustainable transportation. Green energy, eco friendly
Sustainability
Sustainable Transportation Takes OffSustainable Transportation Takes Off
bySamuel Greengard
Mar 26, 2024
5 Min Read
Robotic hand takes a slice out of a coin, representing money
Machine Learning & AI
Special Report: What's Next for the GenAI Market in 2024?Special Report: What's Next for the GenAI Market in 2024
bySara Peters
Mar 12, 2024
3 Min Read
Webinars
More Webinars
White Papers
More White Papers
Live Events
More Live Events
Reports
More Reports
May 2, 2024
While there are plentiful options in cyber resiliency and business continuity tools and platforms, there isn’t one that can knock out everything from sudden cloud outages to prolonged ransomware attacks in a single punch. What can you do to keep the company on its feet no matter what is thrown at it? Find out in this new virtual event.
Reserve Your Seat Now