According to a recent alert from the FBI, cyber thieves have stolen almost $215 million from businesses over the past 14 months by accessing internal emails and sending requests for wire transfers from the email accounts of company executives.
Rather than spamming, this scam targets specific businesses known to work with foreign suppliers or other businesses, and to routinely use wire transfer payments.
According to the alert, the requests for wire transfers are well-worded, specific to the business being victimized, and do not raise suspicions to the legitimacy of the request and in some instances the emails are sent directly to the bank from which the funds are to be wired.
Much of the time, the information used by scammers is gained through “phishing” emails which are sent to people in the company prior to the scam. These appear to be from legitimate sources and request information that is then used in the scam.
While many people prefer using email for these types of requests so that there is a “paper trail”, we recommend that the person issuing the wire verify its authenticity by calling the executive making the request. We also remind our clients to be careful when responding to requests for information.