FBI Warns that Business Email Compromise (CEO Fraud) is a "$12 Billion Scam"


The FBI is again warning of the threat posed by business email compromise (BEC, aka CEO Fraud) and email account compromise (EAC). Together, says the Bureau, these have cost businesses $12 billion between December 2016 and May 2018. That represents a 136% increase in reported losses worldwide.

The scams have been reported in all fifty US states and in some one-hundred-fifty countries around the world, as close to all of them as makes little difference. Small, medium, and large businesses have all been affected. The attempts at theft depend upon compromise of a legitimate account or device. They often involve fraudulent wire transfers, but they can also simply target personally identifiable information, payroll data, or tax information.

The real estate sector has been heavily targeted recently

The real estate sector has been heavily targeted recently. Victims include not only real estate agents, but also title companies, supporting law firms, and, of course, property buyers and sellers. Victims often tell the FBI they've received spoofed e-mails requesting changes in payment details. If they bite on the scam, their funds are directed to fraudulent domestic accounts, from where they are quickly dispersed to both domestic and international destinations. Real estate scams have increased 1,100% from 2015 to 2017 with monetary losses for the same period increasing 2,200%.

All parties in real estate transactions are potential targets. It can be difficult to tell the difference between legitimate and fraudulent emails and calls. There's a great deal of information publicly available on real estate transactions, so scammers have considerable raw material to work with that can make their approach more plausible.

Organizations would do well to make BEC and EAC topics of awareness training for their employees. This applies to the real estate sector, of course, but any organization that handles money or personally identifiable information is in principle vulnerable. This is an area in which well-crafted and well-drilled security policies can make a big difference. If you suspect fraud, contact your financial institution and request a recall of funds. And then the FBI would very much like to hear from you. They're committed to helping the victims of this kind of crime.

The Internet Crime Complaint Center (IC3) has the story: https://www.ic3.gov/media/2018/180712.aspx

Topics: CEO Fraud

Subscribe to Our Blog

Comprehensive Anti-Phishing Guide

Get the latest about social engineering

Subscribe to CyberheistNews