[FBI ALERT] Dramatic Increase in e-mail CEO Fraud To 2.3 Billion.

FBI CEO Fraud AlertA brand new Alert by the FBI on April 4th 2016 warns of a major increase in what they call business email compromise or BEC (we call it CEO Fraud), amounting to a whopping $2.3 billion in losses. This is very relevant information if you are discussing IT security budget.

FBI officials are warning potential victims of a dramatic rise in the business e-mail compromise scam a scheme that targets businesses and has resulted in massive financial losses. KnowBe4 has been warning against this kind of threat for a while now, and our platform is able to simulate CEO fraud phishing attacks to inoculate employees against this type of attack.

Here is what the FBI said: "The schemers go to great lengths to spoof company e-mail or use social engineering to assume the identity of the CEO, a company attorney, or trusted vendor. They research employees who manage money and use language specific to the company they are targeting, then they request a wire fraud transfer using dollar amounts that lend legitimacy.

Stop Look and Think

"There are various versions of the scams. Victims range from large corporations to tech companies to small businesses to non-profit organizations. Many times, the fraud targets businesses that work with foreign suppliers or regularly perform wire transfer payments.

  • Law enforcement globally has received complaints from victims in every U.S. state and in at least 79 countries.
  • From October 2013 through February 2016, law enforcement received reports from 17,642 victims.
  • This amounted to more than $2.3 billion in losses.
  • Since January 2015, the FBI has seen a 270 percent increase in identified victims and exposed loss.
  • In Arizona the average loss per scam is between $25,000 and $75,000.

UPDATE: New FBI statistics as of June 2016 put the total dollar loss figure over $3bil within the US and internationally.

If your company has been victimized by a BEC scam:

  • Contact your financial institution immediately
  • Request that they contact the financial institution where the fraudulent transfer was sent
  • File a complaint—regardless of dollar loss—with the IC3.

FBI Tips for Businesses:

  • Be wary of e-mail-only wire transfer requests and requests involving urgency
  • Pick up the phone and verify legitimate business partners
  • Be cautious of mimicked e-mail addresses
  • Practice multi-level authentication

KnowBe4 can add a few bullet points to these tips:

  • Send high-risk users a spoofed CEO email as an effective security awareness training exercise.
  • Do a Domain Spoof Test and find out if your email server is configured to block spoofing, most are not!

Try to spoof me!


Topics: CEO Fraud

Subscribe To Our Blog

Free Phishing Security Resource Kit

Get the latest about social engineering

Subscribe to CyberheistNews