Businesses have lost billions of dollars to fast-growing scams where fraudsters impersonate company executives in emails that order staff to transfer to accounts controlled by criminals, according to the U.S. Federal Bureau of Investigation.
Losses from these scams, which are known as “business email compromise,” totaled more than $2.3 billion from October 2013 through February of this year, the FBI said in an alert issued this week, citing reports to law enforcement agencies around the globe.
The cases involved some 17,642 businesses of all sizes scattered across at least 79 countries, according to the FBI alert posted on the website of the agency’s Phoenix bureau.
Law enforcement and cyber security experts have been warning that business email compromise was on the rise, but the extent of losses has not previously been disclosed.
Cyber security experts say they expect losses to grow as the high profits will attract more criminals.
It’s a low-risk, high-reward crime. It’s going to continue to get worse before it gets better,
said Tom Brown, a former federal prosecutor in Manhattan.
The FBI’s alert said that fraudsters go to great lengths to spoof company email accounts and use other methods to trick employees into believing that they are receiving money-transfer requests from CEOs, corporate attorneys or trusted vendors.
“They research employees who manage money and use language specific to the company they are targeting, then they request a wire fraud transfer using dollar amounts that lend legitimacy,” the alert said.
It said they often target businesses that work with foreign suppliers or regularly perform wire transfers.
