In a recent case first reported by Quartz, a crew of international cyber criminals allegedly convinced an unidentified US defense contractor to send them millions of dollars worth of sensitive military gear they weren’t even supposed to know existed, according to court filings.
Some of the items shipped to the fraudsters were reportedly so top-secret that even a photo of the equipment was considered “controlled.” The “highly sensitive” equipment was valued at $3.2 million.
Consumers who fall prey to such scams have limited liability and losses are usually covered by the bank, said Sam Curry, chief security officer of cybersecurity consulting firm Cybereason. But businesses that mistakenly send large sums to the wrong recipient are not normally covered. When a Texas manufacturing company was bilked out of $480,000 in 2014 by a scam artist posing as the firm’s CEO, the firm’s insurer refused to pay the claim. Earlier this year, fashion brand Diesel USA filed for Chapter 11 protection, citing losses from cyber fraud as one of the reasons behind its bankruptcy.
Effectively, business email compromise—also known as CEO Fraud— is “organized crime going cyber,” Curry said, describing it as a natural progression from the analog financial fraud of a generation ago. Passing counterfeit checks and trying to fool bank tellers is a dying art, he said, adding: “It’s much easier, cheaper, and less risky to do it at scale on the internet.
Full story at Quartz, and is recommended reading: https://qz.com/1752282/how-compromised-emails-enable-cybercrime-and-real-estate-scams/