Tag Archives: Cybercrime

FBI: Email Scams Take $3.1 Billion Toll on Businesses


Business-related inbox scams are reaching epidemic levels, with the total cost to business reaching a whopping $3.1 billion. The dire warning comes from the FBI, which says the skyrocketing losses represent a 1,300 percent increase since January 2015.

Identified by the FBI as business e-mail compromise (BEC) crimes, the scams attempt to trick email recipients into wiring money, forwarding sensitive employee data such as W-2 data, or paying fake invoices. In other cases, the scammers hijack employee email accounts in order to use stolen email identities to win the confidence of scam targets.

The FBI has stepped up its BEC awareness campaign less than a month after it released its annual Internet Crime Complaint Center (IC3) report. In that report, the FBI said U.S. businesses were hit hardest by BEC scams in 2015, with 7,838 complaints and losses of more than $263 million.

On Tuesday, the FBI refreshed those BEC numbers, reporting 22,143 worldwide BEC victims representing $3.1 billion in losses since January 2015. Closer to home, the FBI reports 14,032 U.S. BEC victims representing $961 million in losses between October 2013 and May 2016.

The FBI data shows U.S. businesses are disproportionately affected by BEC crimes with 88 percent of all worldwide victims being U.S.-based and 90 percent of losses coming from U.S. companies.

“The BEC scam continues to grow, evolve, and target businesses of all sizes,” wrote the FBI. “The scam has been reported by victims in all 50 states and in 100 countries. Reports indicate that fraudulent transfers have been sent to 79 countries with the majority going to Asian banks located within China and Hong Kong.”

Security experts say these types of cybercrimes are difficult to protect against. “With BEC attacks there is no malware involved. You are exploiting human trust and business processes that involve email,” said Ryan Kalember, SVP cybersecurity strategy at the security firm Proofpoint in an interview with Threatpost reacting to the May IC3 report.

Despite the low-tech email attack vector, the FBI warns business e-mail compromise attacks can be extremely sophisticated. Attackers can lie in wait for extended periods of time studying whom a business does business with and what the business protocols are for wire transfers.

Security experts tell Threatpost they are seeing an uptick in elaborate and sophisticated ruses that involve CEOs, CFOs, COOs, HR departments and accounting. Attacks are becoming more sophisticated, with criminals going so far as monitoring a CEO’s social media feed to best time and color a fake request for a wire transfer.

The FBI says that BEC scams can also be springboards to other types of crimes, with victims reporting romance, lottery, employment, and rental scams as well. In some instances, the FBI warns, victims are unwittingly drawn into becoming “money mules.” In these instances, money is transferred into a target account and then quickly transferred to a second offshore account or shell corporation.

Tips for steering clear of becoming a BEC victim, according to the FBI, include:

  • Be careful what is posted to social media and company websites, especially job duties/descriptions, hierarchical information, and out-of-office details.
  • Be suspicious of requests for secrecy or pressure to take action quickly.
  • Consider additional IT and financial security procedures, including the implementation of a 2-step verification process that uses out-of-band communication.
  • Consider implementing two-factor authentication for corporate e-mail accounts.
  • Do not use the “Reply” option to respond to any business e-mails. Instead, use the “Forward” option and either type in the correct e-mail address or select it from the e-mail address book to ensure the intended recipient’s correct e-mail address is used.


Data Breaches, Hacking and Cybercrime – Oh My!


Whenever I visit my relatives, I’m often not shocked to take a look at their smartphone or tablet or PC and find the little “update” notification number on their apps light up – and it isn’t just usually one update, it’s like 99! Because of my experience and career path, we spend part of our visit going through and updating phones, tablets and computers. Sound familiar to anyone else?

After working in this field for more than 20 years, people often will ask me – how do you sleep at night? I tell them I sleep just like a baby – meaning I sleep for 4 hours and I’m up every half hour screaming (not my quote, but I love that one….) Truthfully though, I love what I do and I’m excited to provide some thoughts and advice to consumers on how to protect themselves from a range of cyberthreats from common hacking attacks to sophisticated newer techniques like ransomware. One of the things consumers need to focus on is personal “computer hygiene.” If consumers and businesses kept up basic computer hygiene, it would stop approximately 80-90 percent of attacks.

Here are a few key and simple things you can do to protect yourself from hackers and fraudsters alike:

1) Yes, you need anti-malware software on your PC or Mac. But equally if not more important is that you need to keep all device software updated. Many computers are hacked because they are running on an outdated operating system or outdated version of Adobe or Java or other office software. Old software is vulnerable software. Keep it up to date.

2) Don’t use the same password on different sites. Use a different password for financial sites, vs. other consumer/retail sites. Once a hacker has access to one password, they will usually try the same password on other major websites.

3) Use the strongest authentication options available to you. For example, when a site allows you to enroll via a mobile device, which triggers a code sent to you for verification, enroll for that. You’ll thank me later.

4) Remove your own “administrative rights” on your home computer. Many companies remove general users’ ability to add new users, install software, etc. This greatly limits what malware can do if it is accidentally downloaded by a user. At home, most people don’t think to do this. So, consider creating a “normal user” account for yourself, removing that “admin” access from it, and only use the default “Administrator” account or rights when you need to install software, add new users, apply updates, etc.

Sincerely hope this helps you.

Cybercrime on the Rise


Cybercrimes like data breaches are getting lots of attention these days. But does the average company need to worry about them? The answer is a resounding yes, according to a survey from PricewaterhouseCoopers, which found that cybercrime has become the second most common type of economic crime.

Of the 6,000 executives across the world who participated in the survey, 38 percent reported that their organizations dealt with economic crime in the last 48 months. Cybercrime increased big time, with 32 percent reporting an incident in the last two years. That’s an 8 percent increase from a year ago. Cybercrime was up and is now the second-most-reported type of economic crime (asset misappropriation is No. 1).

Cybercrimes can cause major losses, according to the report. Of the respondents affected by cybercrime, about 15 percent reported losses of more than $1 million; 2 percent reported losses in excess of $100 million.

Despite this potential for losses, many boards of directors aren’t focusing on cybercrime. Globally, just 27 percent of boards request information about the company’s state of cyberreadiness more than once a year, the report found.

The survey, The PwC Global Economic Crime Survey 2016, is available here.