The FBI and IRS separately this week warned of a couple of timeworn but highly effective scams that continue to grow and strip businesses and consumers of cash.
First, the FBI is again warning businesses to be aware of a growing scam that tricks them into paying invoices from established partners that look legitimate but in fact are fraudulent.
The FBI says the fraud is a tweak of the "man-in-the-middle" scam and usually involves chief technology officers, chief financial officers, or comptrollers receiving an e-mail via their business accounts, purportedly from a vendor, requesting a wire transfer to a designated bank account.
The FBI even changed the name of the scam, now calling it the Business E-mail Compromise (BEC) because of the "business angle" of this scam and to avoid confusion with another unrelated scam.
The fraudulent wire transfer payments associated with BEC are sent to foreign banks and may be transferred several times but are quickly dispersed. Asian banks, located in China and Hong Kong, are the most commonly reported ending destination for these fraudulent transfers.
The Internet Crime Complaint Center (IC3) has received BEC complaint data from victims in every U.S. state and 45 countries. From 10/01/2013 to 12/01/2014, the following statistics are reported:
- Total U.S. victims: 1198
- Total U.S. dollar loss: $179,755,367.08
- Total non-U.S. victims: 928
- Total non-U.S. dollar loss: $35,217,136.26
- Combined victims: 2126
- Combined dollar loss: $214,972,503.30
According to the FBI, it is still largely unknown how victims are selected; however, the subjects monitor and study their selected victims prior to initiating the BEC scam.
"The subjects are able to accurately identify the individuals and protocol necessary to perform wire transfers within a specific business environment. Victims may also first receive 'phishing' e-mails requesting additional details of the business or individual being targeted (name, travel dates, etc.). Some victims reported being a victim of various Scareware or Ransomware cyber intrusions, immediately preceding a BEC scam request," the FBI says.
Also, based on IC3 complaints and other complaint data received since 2009, there are three main versions of this scam:
A business, which often has a long-standing relationship with a supplier, is asked to wire funds for invoice payment to an alternate, fraudulent account. The request may be made via telephone, facsimile or e-mail. If an e-mail is received, the subject will spoof the e-mail request so it appears very similar to a legitimate account and would take very close scrutiny to determine it was fraudulent. Likewise, if a facsimile or telephone call is received, it will closely mimic a legitimate request. This particular version has also been referred to as "The Bogus Invoice Scheme," "The Supplier Swindle," and "Invoice Modification Scheme."
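The "very close scrutiny" of a spoofed supplier address described above can be partly automated. The following is an added example, not code from the FBI or the article: it flags payment-request e-mails whose sender domain is a near miss of a known vendor domain or whose Reply-To points elsewhere. The vendor list, sample message and function names are all constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed allow-list: domains accounts payable already does business with.
KNOWN_VENDOR_DOMAINS = {"acme-supply.example", "northwind-parts.example"}

# Constructed sample message: digit "1" replaces the letter "l" in the domain.
SAMPLE = ("From: Acme Billing <billing@acme-supp1y.example>\n"
          "Reply-To: payments@fastmail-invoices.example\n"
          "Subject: Updated wire instructions for invoice 4471\n\n"
          "Please remit to the new account below.\n")

def edit_distance(a, b):
    """Levenshtein distance computed with one rolling row."""
    row = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        prev, row[0] = row[0], i
        for j, cb in enumerate(b, 1):
            prev, row[j] = row[j], min(row[j] + 1, row[j - 1] + 1, prev + (ca != cb))
    return row[-1]

def domain_of(header_value):
    """Lower-cased domain of the address in a header, or '' if absent."""
    return parseaddr(header_value or "")[1].rpartition("@")[2].lower()

def classify_domain(domain, max_distance=2):
    """Return (status, imitated_vendor) for a sender domain."""
    if domain in KNOWN_VENDOR_DOMAINS:
        return ("known", domain)
    for vendor in sorted(KNOWN_VENDOR_DOMAINS):
        if domain and edit_distance(domain, vendor) <= max_distance:
            return ("lookalike", vendor)
    return ("unknown", None)

def review_invoice_email(raw):
    """List reasons to verify a payment request out of band before paying."""
    msg = message_from_string(raw)
    from_dom, reply_dom = domain_of(msg["From"]), domain_of(msg["Reply-To"])
    status, vendor = classify_domain(from_dom)
    findings = []
    if status == "lookalike":
        findings.append(f"From domain {from_dom} closely imitates {vendor}")
    elif status == "unknown":
        findings.append(f"From domain {from_dom or '(none)'} is not a known vendor")
    if reply_dom and reply_dom != from_dom:
        findings.append(f"Reply-To domain {reply_dom} differs from From domain")
    return findings

if __name__ == "__main__":
    for finding in review_invoice_email(SAMPLE):
        print("VERIFY:", finding)
```

A clean result does not prove a request is genuine, since a From header can be forged to match a vendor exactly and the scam also arrives by telephone and fax; changes to payment details still warrant confirmation through a contact already on file.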