According to the FBI, CEO fraud is on the rise. These email scams — so named because the emails appear to originate from the boss of a company — involve convincing an employee to wire money to the scamsters. The FBI estimates that in just the past three years, organizations have lost more than $2.3 billion to these fraudsters. On April 4, 2016, the FBI posted an alert on its website warning companies of a significant uptick in this type of fraudulent activity since January 2015.
FBI Alert Tells of Increasing Problems
The FBI noted that since that time, the losses stemming from these scams and the number of their victims have increased by 270 percent. The alert further stated that the agency has seen CEO scams in all 50 states as well as in more than 79 countries. This type of scam typically begins in one of two ways. In the first, the thieves phish an executive and gain access to their inbox. In the second, the fraudsters target employees by using an email address whose domain is a letter or two different from the true domain name. Often the changes are subtle enough that busy employees don’t notice the discrepancy.
Why CEO Scams Work
CEO scams succeed for several reasons, and their track record of success has prompted crooks to use them more widely. One reason is that these emails don’t set off spam alerts, since they aren’t pushed out en masse. Instead, these fraudsters take the time to research the company’s organization, activities, relationships and more. By browsing the company’s website to obtain employee email addresses, they can send out messages that purport to be from CEOs or other upper-level management of that company. In the other scenario, in which an inbox has been compromised, the crooks search for words such as “deposit” or “invoice” to determine if the company routinely utilizes wire transfers.
More Adept and Versatile Than Malicious Software
Scam artists who use CEO scams are often more nimble at sliding past the security measures businesses put in place to reduce the likelihood of having their accounts hacked. Rather than unleash viral software that embeds itself on the computer, for example, these thieves convince employees to wire the money directly to them. While most companies are hit with losses averaging between $25,000 and $75,000, the FBI has noted that some companies have lost millions of dollars.
It’s clear that businesses need to adopt tighter controls when it comes to authenticating emails. In addition, requiring a second method of verification for transactions that cross a previously established threshold gives companies another layer of protection.