The FBI has issued an alert following a “dramatic rise” in the use of business e-mail compromise scams, where schemers send employees emails to spoof a company’s e-mail — even going so far as to assume the identity of the CEO or a trusted vendor — and then request a wire transfer of funds “using dollar amounts that lend legitimacy,” the agency said.
On it’s face, it may seem like an easily avoidable e-mail scam, but apparently the scheme — with victims ranging from big corporations and tech companies to small start-ups and nonprofits — works: global law enforcement has fielded complaints from victims in every state and nearly 80 countries.
Stats provided by the FBI show that from October 2013 to February this year, more than 17,600 people have fallen victim to one version or another of this scam, and since January of 2015, the agency has seen a 270% increase in people falling victim to the scam. Since October 2013, losses to businesses from the scam has amounted to more than $2.3 billion.
Often, the scam will target businesses that deal with foreign suppliers and are used to handling regular wire transfer payments. Besides CEOs, the e-mails will also often look as if they come from a company attorney, the FBI said.
Multi-level authentication is one step toward avoiding the scam, as is a simple phone call to verify the e-mail’s veracity, the FBI said.