Some good news finally. It seems that the bad guys do get caught sometimes. In this case, 70 cybercriminals in the U.S. and Nigeria.
The key to their successful scams was impersonation via email, which we know as both CEO fraud and Business Email Compromise. The scammers would pose as a vendor seeking a wire payment, or pretend to be the CEO or CFO by spoofing an email address and request that a payment be sent to a vendor.
According to the article, the scams were well thought out. The cybercriminals did their research using online resources and company websites to identify the individuals to target. In some cases, they even went as far as pulling annual reports to find the vendors a target company does business with in order to spoof vendor email addresses.
And the damages from these email crimes are significant: with the email requests ranging from several thousand dollars to over $30 million, the FBI reports losses of $685 million in the first quarter of 2018 alone.
These crimes can also impact companies subject to compliance mandates and federal regulations. Cases have occurred in recent months where financial regulators penalized organizations for failing to appropriately supervise their administration of funds after falling victim to a previous similar email scam.
These email crimes can hit any organization – all it takes is a little bad guy research on the web to find out who’s in charge, who reports to whom, names of vendors, and more. All of this detail helps make the scam seem all the more real to the victim.
Have a vendor asking to use a new bank account? How about the CEO emailing from his “personal” account while on vacation? Being asked by the CFO to wire funds to a new vendor? All of these should be red flags – even when the bad guys get the details right and make the emails look spot on.
What you need is new-school security awareness training to create a security-focused mindset in employees toward anything that looks out of the ordinary. With their human firewall up and running at all times, organizations are 37% less likely to fall prey to an email scam like the ones above.