Companies pay out billions to fake-CEO email scams

15.06.2016
Email scammers, often pretending to be CEOs, have duped businesses into giving away at least $3.1 billion, according to new data from the FBI.

The email schemes, which trick companies into wiring funds to the hacker, continue to bedevil companies across the world, the FBI warned in a posting on Tuesday.

The amount of money they've tried to steal has grown by 1,300 percent since January 2015, it said.

In the U.S. alone, victims have lost $960 million to the schemes over approximately the past three years, FBI figures show. That figure reaches $3.1 billion when global data from international law enforcement and financial groups is included. The number of victims: 22,143.

In many cases, the scammers pretend to be a business executive at the victim’s company or a trusted supplier. They can do this by hacking into email accounts to send off fraudulent messages. This type of cybercrime, which usually involves a request for a wire transfer, may be called “CEO Fraud” or “The Supplier Swindle,” depending on the scheme used.

In other cases, the scammers will create fake email accounts that look like those of the business executive or supplier. Sometimes they pretend to be a lawyer handling confidential matters and pressure the victim into sending funds.

These scammers have requested wire transfers to 79 countries, but most go to banks located in China and Hong Kong, the FBI said.

In some cases, the scammers will follow up with a ransomware attack, the FBI added. Victims may receive an email that contains a link or an attachment with malware. If it's opened, the malware will threaten to hold their data hostage.

There are ways to ward off the danger. The FBI said the scammers study their targets carefully, so company employees should be careful about what professional details they post to social media. Spam should never be opened, and any wire transfer should be verified with a telephone call between the parties involved.

Security firm Trend Micro has also been tracking these email scams and found that 31 percent of the time, the hackers pretend to be a company CEO.

The schemes most often target a company’s financial department. Forty percent of the malicious email messages were sent to a company’s chief financial officer, Trend Micro said in its analysis.

Michael Kan