E-mail Scam Picks Up Over $214m within Around One Year, States FBI
A task force from the Federal Bureau of Investigation (FBI) tells that one e-mail scam is running while targeting businesses by sending them fake bills and has already netted more than $214m by stealing from end-users from around forty five countries. The scammers have been running this sly campaign for just over one year.
In an assertion by Internet Crime Complaint Center, one combined initiative of National White Collar Crime Center and FBI, the period between October 1, 2013 and December 1, 2014 has been considered for calculating the losses.
The mode-of-operation of the scheme involves delivery of bogus invoices into the mailbox of businesses that handle vendors abroad where payment requires being through wire transfer.
According to FBI's task force, scammers get victims to dispatch wire-transfers into overseas banks while these could be transferred again and again, however, are fast dissolved. The most frequently indicated final points where the fake wire-transfers are deposited are Asian banks inside Hong Kong and China.
Hitherto, 1,198 victims from USA along with 928 from more countries have been made, with American companies losing $179m-or-more.
It's understood that there'll be a continuous rise in the victims' total count as well as aggregate dollar loss, according to FBI's statement.
The scam within one incarnation has a foreign vendor contacting a business over e-mail, fax or phone requesting payment. The electronic mails arrive camouflaged as the genuine vendor, with fax and phone calls too seeming real.
Within a second version, scammers compromise high-profile executives' e-mail accounts for letting the miscreants ask for wire-transfers, frequently directing for immediate dispatch of funds.
There's one 3rd incarnation too wherein the e-mail account belonging to an employee is hacked that subsequently dispatches fake bills to suppliers.
An alert by the task force to susceptible companies asks the latter to eschew creating business accounts on non-chargeable Web-based e-mail services as also being careful with posting company info onto social media or other websites.
It further recommends extra security measures like digital signatures and two-factor validation systems.
Finally, it states that companies must keep validating through other mediums that they're continuing communication with their real partners in business.