So much business is conducted over e-mail now that in some offices, it might be routine to receive an e-mail from your boss telling you where to wire a large amount of money. That’s why the Business E-mail Compromise scam, or CEO Scam, is so plausible and devastatingly effective. Since the last time we discussed this scam, scammers stole more than $17 million from one firm in a single transaction.
That company was an Omaha-based commodities trader. An executive received an e-mail that appeared to be from the chief executive and the company’s outside auditor. It instructed this executive to send wire transfers totaling $17.2 million to a bank in China, to facilitate a secret deal that he wasn’t to tell anyone in the company about. “This is very sensitive, so please only communicate with me through this email, in order for us not to infringe SEC regulations,” the fake CEO wrote to him.
The big fraud in Omaha took place in April 2014, but only became public last month. The FBI’s Internet Crime Complaint Center reports that as of this January, companies in the United States had wired an estimated $179,755,367 into the pockets of fraudsters. Victims in other countries have wired $35,217,136.22.
One problem leading to this scam is that people who use e-mail for day-to-day correspondence are not necessarily savvy about how e-mail works and how to detect scams. At first glance, bossmeg@c0nsumerist.com and bossmeg@consumerist.com look alike. Fraudsters register alternate domain names that look plausible enough, hoping to fool someone with enough power
A reader of Krebs on Security almost fell for the same scam, only realizing after she had requested a $315,000 wire transfer to a bank in China that the tone of the e-mail didn’t really sound like her boss. The company was able to stop the transfer, and she wasn’t fired. It simply hadn’t occurred to her to be on guard for this kind of scam. Messages from the fake CEO and CFO were at a lookalike domain that had just been set up that morning.
How can you prevent this in your own business? Require in-person or over-the-phone interactions before sending off large amounts of money. Calling someone to confirm a deal is a good idea. Be suspicious of transactions that you’re told to keep super-secret.
by Laura Northrup via Consumerist