Email scams cost businesses $1.2B since 2013: FBI

Email scams targeting businesses and individuals alike are on the rise and have enabled hackers to steal upwards of $1.2 billion during the past two years, the FBI warned.

The law enforcement agency said Thursday that officials have seen a 270 percent surge since January in crimes related to business email compromise (BEC) scams, a sophisticated type of Internet ruse in which hackers use compromised or bogus email accounts in order to initiate unauthorized wire transfers.

In a bulletin posted on its Internet crimes website, the FBI said that the the number of reported computer intrusions linked to BEC scams and the types of variations investigators have witnessed are both on the rise.

To carry out these attacks, hackers either make their way into a businessperson’s actual email or create a new account crafted to appear legitimate. Then they contact associates through the hacked account or the spoofed address and socially engineer targets into wiring funds.

Fraudsters recently began posing as attorneys or legal reps and contacting a company towards the end of the business day or workweek and say they need money to be transferred immediately to process confidential or time-sensitive material.

In other instances, attacks have posed a familiar vendors, banking reps or accounting personnel in hopes of tricking a target into wiring funds.

The FBI said it has seen BEC scams unfold in all 50 states and that more than 7,000 victims in the U.S. were duped out of $747 million since October 2013. Combined with figures from international law enforcement agencies investigating these scams abroad, the FBI said BEC attacks have led to over $1.2 billion in global losses since October 2013 and are on the rise.

The Justice Department warned in a report issued in June that CEOs and CFOs of businesses are targeted the most by such scammers.

The FBI said email account compromise scams, which target individuals instead of corporate entities, are rampant as well, and have led to roughly $700,000 in losses between April 1 and June 30.

Ubiquiti Networks, a U.S. technology company, acknowledged earlier this month that a BEC scam had cost them roughly $47 million in lost funds. In that instance, the firm said it had become the victim of “criminal fraud” through “employee impersonation and fraudulent requests from an outside entity targeting the company’s finance department.”