The FBI and the Internet Crime Complaint Center (IC3) are warning about a new global email scam that targets companies working with foreign suppliers and/or businesses that regularly perform wire transfer payments. Please send these people in your company a link to this blog post. Up until December 1, 2014, this email had scammed over 2100 victims worldwide, with a total loss of over 214 million dollars. The FBI is confident this amount will continue to increase.
The FBI calls it the “Business Email Compromise” (BEC).
The FBI states: “Victims may also first receive “phishing” e-mails requesting additional details of the business or individuals being targeted (name, travel dates, etc.). Some victims reported being a victim of various scareware or ransomware cyber intrusions immediately preceding a BEC scam request.”
The initial phishing emails and/or ransomware attacks are used to drop keyloggers and trojans on an employee's workstation. With the credentials captured this way, the attackers tunnel into the network and put keyloggers on C-level executive workstations. After studying the traffic, the cybercriminals craft an email that is carefully and artfully spoofed to look as legit as possible.
Your C-level executive receives a business email from an existing, well-known vendor who requests a wire transfer to a specific bank account. The email looks legit, and it comes from a known, trusted business associate, and is about a recent delivery or transaction.
The wire transfers rapidly get forwarded and transferred several times, usually ending up in Hong Kong banks (Chinese Cyber mafia).
There are 3 different versions of this scam, targeting different businesses, but the characteristics are the same:
- Businesses and personnel using open source email are most targeted.
- Individuals responsible for handling wire transfers within a specific business are targeted.
- Spoofed e-mails very closely mimic a legitimate email request.
- Hacked e-mails often occur with a personal email account.
- Fraudulent email requests for a wire transfer are well-worded, specific to the business being victimized, and do not raise suspicions as to the legitimacy of the request.
- The phrases “code to admin expenses” or “urgent wire transfer” were reported by victims in some of the fraudulent email requests.
- The amount of the fraudulent wire transfer request is business specific; therefore, dollar amounts requested are similar to normal business transaction amounts so as to not raise doubt.
- Fraudulent emails received have coincided with business travel dates for executives whose emails were spoofed.
- Victims report that IP addresses frequently trace back to free domain registrars.
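Several of these characteristics can be checked mechanically before a payment request reaches the person who sends wires. The following is an added example, not code from the FBI, IC3 or this post: a small triage function that flags the two phrases victims reported and a sender domain that closely mimics a known vendor. The vendor domain list, the edit-distance threshold of 2, the Reply-To check and the sample message are assumptions made for illustration.

```python
import email
from email.utils import parseaddr

# Phrases the alert says victims reported in fraudulent requests.
REPORTED_PHRASES = ("code to admin expenses", "urgent wire transfer")
# Assumption: domains of vendors you actually pay (hypothetical value).
KNOWN_VENDOR_DOMAINS = {"acme-supplies.example"}

def edit_distance(a, b):
    """Levenshtein distance, used to spot near-miss sender domains."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def bec_flags(raw_message):
    """Return reasons this message needs out-of-band verification before payment."""
    msg = email.message_from_string(raw_message)
    flags = []
    from_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    reply_domain = parseaddr(msg.get("Reply-To", ""))[1].rpartition("@")[2].lower()
    # Assumes a single-part plain-text message, as in the sample below.
    text = f"{msg.get('Subject', '')} {msg.get_payload()}".lower()
    for phrase in REPORTED_PHRASES:
        if phrase in text:
            flags.append(f"reported phrase: {phrase}")
    if from_domain not in KNOWN_VENDOR_DOMAINS:
        for good in KNOWN_VENDOR_DOMAINS:
            # Threshold of 2 edits is an assumption; tune it to your vendor list.
            if 0 < edit_distance(from_domain, good) <= 2:
                flags.append(f"lookalike of {good}: {from_domain}")
    # Added heuristic (assumption): replies routed to a different domain.
    if reply_domain and reply_domain != from_domain:
        flags.append(f"reply-to domain differs: {reply_domain}")
    return flags

# Constructed sample message, not a real email.
SAMPLE = """\
From: "Acme Supplies Billing" <billing@acme-suppliies.example>
Reply-To: billing@freemail.example
To: cfo@victim.example
Subject: Urgent wire transfer for invoice 4471

Please code to admin expenses and send today.
"""

if __name__ == "__main__":
    print("\n".join(bec_flags(SAMPLE)))
```

A flagged message is a prompt to confirm the request through a phone number already on file for the vendor, not proof of fraud.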
How Do You Prevent CyberCriminals from Accessing Your Network?
- Alert executives to this scam.
- Most of these scams start the same way – “phishing” emails. Make sure you (and your coworkers, colleagues, employees, etc.) don’t click on links or attachments in any suspicious emails.
- Read the IC3 Alert in full, and apply their Suggestions For Protection.