BEWARE email scams cost business $5B last year

Forum Moderators: phranque

Message Too Old, No Replies

BEWARE email scams cost business $5B last year

tangor

4:21 am on May 6, 2017 (gmt 0)

The FBI has issued figures about how much scammers using business email compromise (BEC) have netted, and the totals are fairly frightening.

BEC (or "whaling") scams work when an attacker either compromises a company's email accounts or sets up a convincing phishing email that submits a fake invoice to a firm from someone posing as a contractor or business partner. If the invoice is paid, the funds go to a bank and are quickly laundered and disappear.

Between 2013 and December 2016 – since the FBI has been collecting data on BEC – the agency reports that the crooks have made off with $5,302,890,448 from 40,203 cases with US and international businesses. To make matters worse, BEC reports have grown at an astonishing 2,370 per cent over the past year.

[theregister.co.uk...]

The sophistication improves year on year and it can happen to anyone. I do hope that no one here is so large they don't vet the invoices that are sent to them!

keyplyr

2:34 am on May 7, 2017 (gmt 0)

BEWARE email scams cost business $5B last year

I'm safe then... don't have $5B :)

I'd like to think I'm aware enough not to get bitten by these scams; I don't even read them. But it's not how smart you are, it just making the wrong decision. I have a friend who is a commercial pilot. Her entire savings was wiped out by a scammer (identity theft.) I would have thought she'd be smart enough to not get caught in a scam. She said she busy & just wasn't thinking.

tangor

3:54 am on May 7, 2017 (gmt 0)

For the scam described above it is mid- to low-tier bean counters for large biz who handle hundreds of invoices a month. Something sent in by email, looking legit, is how this scam works.

Sorry about your friend. ID theft can happen all kinds of ways. For one of the members in my hobby band (aging rockers) it was as simple as a check that was photocopied, along with his DL#, address, etc. That info was used to open a charge account in his name and inside of 36 hours more than $18k had been run up. The perp was nailed 12 hours later. His son works in law enforcement. :) Unfortunately it still took 6 months to clear out all the banking holds red flagged, etc. PITA to the MAX

piatkow

4:27 pm on May 7, 2017 (gmt 0)

I have had one, it was so well done that my first reaction was that somebody had made a real purchase using our name. It was only on digging through the message headers that was sure that it was a scam.