A brand-new alert issued by the FBI on April 4th 2016 warns of a major increase in what they call business email compromise or BEC (we call it CEO Fraud), amounting to a whopping $2.3 billion in losses. This is very relevant information if you are discussing your IT security budget.
FBI officials are warning potential victims of a dramatic rise in the business e-mail compromise scam, a scheme that targets businesses and has resulted in massive financial losses. KnowBe4 has been warning against this kind of threat for a while now, and our platform is able to simulate CEO fraud phishing attacks to inoculate employees against this type of attack.
Here is what the FBI said: "The schemers go to great lengths to spoof company e-mail or use social engineering to assume the identity of the CEO, a company attorney, or trusted vendor. They research employees who manage money and use language specific to the company they are targeting, then they request a wire fraud transfer using dollar amounts that lend legitimacy.
"There are various versions of the scams. Victims range from large corporations to tech companies to small businesses to non-profit organizations. Many times, the fraud targets businesses that work with foreign suppliers or regularly perform wire transfer payments.
- Law enforcement globally has received complaints from victims in every U.S. state and in at least 79 countries.
- From October 2013 through February 2016, law enforcement received reports from 17,642 victims.
- This amounted to more than $2.3 billion in losses.
- Since January 2015, the FBI has seen a 270 percent increase in identified victims and exposed loss.
- In Arizona the average loss per scam is between $25,000 and $75,000.
UPDATE: New FBI statistics as of June 2016 put the total dollar loss figure at over $3 billion within the US and internationally.
If your company has been victimized by a BEC scam:
- Contact your financial institution immediately
- Request that they contact the financial institution where the fraudulent transfer was sent
- File a complaint—regardless of dollar loss—with the IC3.
FBI Tips for Businesses:
- Be wary of e-mail-only wire transfer requests and requests involving urgency
- Pick up the phone and verify legitimate business partners
- Be cautious of mimicked e-mail addresses
- Practice multi-level authentication
KnowBe4 can add a few bullet points to these tips:
- Send high-risk users a spoofed CEO email as an effective security awareness training exercise.
- Do a Domain Spoof Test and find out if your email server is configured to block spoofing. Most are not!