How Was My Business Email Compromised?

It is no secret that small businesses are the most vulnerable when it comes to security scams.

According to the new FBI report, thieves stole nearly $750 million in such scams from more than 7,000 victim companies in the U.S. between October 2013 and August 2015.

In January 2015, the FBI released stats showing that between Oct. 1, 2013 and Dec. 1, 2014, some 1,198 companies lost a total of $179 million in business e-mail compromise (BEC) scams (also known as “CEO fraud”).

The figures show an incredible 270 percent increase in identified victims and exposed losses. Taking international victims into account, losses from BEC scams total more than $1.2 billion, according to the FBI.

The study shows that these scams will continue to mature as businesses depend more and more on email as a means of communication. There is a clear pattern you need to watch out for. This new wave of attacks often begins with the scammers phishing an executive, dropping a Trojan, and gaining 24/7 access to that individual’s inbox. Next, they research the organization and monitor the email account for months until the right circumstances arrive, then they pounce. They spoof the CEO’s address and send messages to employees in accounting from a look-alike domain name that is one or two letters off from the target company’s true domain name.
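The look-alike domain and the spoofed executive address described above are both things a mail gateway or a quick triage script can test for. The following is an added example written for this post, not code from the original article or from the author’s company. It assumes a constructed list of the company’s real domains and executive display names, and compares each sender domain against the real ones after normalizing common character swaps and computing an edit distance; a Reply-To header that points somewhere other than the From domain is flagged as a second indicator.

```python
"""Flag BEC look-alike senders in message headers.

Added example, not part of the original post. TRUSTED_DOMAINS,
EXECUTIVE_NAMES and the SAMPLES headers are all constructed for
illustration.
"""
from email.utils import parseaddr

# Hypothetical: the domains this company genuinely sends from.
TRUSTED_DOMAINS = {"example-corp.com"}
# Hypothetical: display names an attacker would want to impersonate.
EXECUTIVE_NAMES = {"jane doe"}

# Visual substitutions commonly used in look-alike domains. Normalizing
# them makes "examp1e-c0rp.com" compare equal to "example-corp.com".
HOMOGLYPHS = [("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l"), ("3", "e"), ("5", "s")]


def normalize(domain: str) -> str:
    d = domain.lower()
    for src, dst in HOMOGLYPHS:
        d = d.replace(src, dst)
    return d


def levenshtein(a: str, b: str) -> int:
    """Edit distance; a look-alike domain is usually one or two edits away."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def split_address(header: str):
    """Return (display_name, domain), both lower-cased, from a From/Reply-To value."""
    name, addr = parseaddr(header)
    domain = addr.rsplit("@", 1)[1].lower() if "@" in addr else ""
    return name.strip().lower(), domain


def is_lookalike(domain: str, trusted=TRUSTED_DOMAINS, max_distance: int = 2) -> bool:
    """True when the domain is not trusted but is within a few edits of one that is."""
    if domain in trusted:
        return False
    nd = normalize(domain)
    return any(levenshtein(nd, normalize(t)) <= max_distance for t in trusted)


def bec_flags(headers: dict) -> list:
    """Return indicator names for one message; an empty list means nothing suspicious."""
    flags = []
    name, from_domain = split_address(headers.get("From", ""))
    if not from_domain:
        return ["unparseable-from"]
    if is_lookalike(from_domain):
        flags.append("lookalike-domain")
    # An executive's display name on a non-company domain is the classic CEO-fraud shape.
    if name in EXECUTIVE_NAMES and from_domain not in TRUSTED_DOMAINS:
        flags.append("executive-name-external-domain")
    reply_to = headers.get("Reply-To")
    if reply_to:
        _, reply_domain = split_address(reply_to)
        if reply_domain and reply_domain != from_domain:
            flags.append("reply-to-mismatch")
    return flags


# Constructed sample headers for a quick demonstration.
SAMPLES = {
    "legit": {"From": "Jane Doe <jane.doe@example-corp.com>"},
    "lookalike": {"From": "Jane Doe <jane.doe@examp1e-corp.com>"},
    "reply_to": {"From": "Jane Doe <jane.doe@example-corp.com>",
                 "Reply-To": "jd@freemail.example"},
}

if __name__ == "__main__":
    for label, hdrs in SAMPLES.items():
        print(label, bec_flags(hdrs))
```

The edit-distance threshold of 2 catches the “one or two letters off” domains the post describes; raising it increases false positives on genuinely unrelated short domains, so tune it against your own mail volume and pair it with the phone verification step rather than treating the flag as a block decision.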

Why is this worse than ransomware?

We see that most ransomware attacks cost about $500. However, the FBI’s numbers indicate that the average loss for a BEC victim is a whopping $100,000. Some are much higher, as was the case for the tech firm Ubiquiti Networks, which disclosed in a quarterly financial report that it suffered a $46.7 million hit because of a BEC scam.

Criminals seem to be one step ahead, and we have noticed the latest scam tactics filtering down to the consumer level. Scammers are targeting people who are in the process of buying a house and need to transfer a sizable down payment. The scammers send a fake email, allegedly from the buyer’s lawyer or realtor, instructing them to transfer the down payment to a certain bank account. When the buyer calls the next day to check whether the money has arrived, the lawyer tells them no transfer request was ever sent, but in the meantime the money has disappeared. The same scam is done with spoofed emails from financial brokers such as Bank of America.

What you can do about it:

  1. These scams are getting more sophisticated by the month, so be on the lookout. Alert all your employees, from the board level down to the mail room.
  2. Use the Social Engineering Red Flag as a way to identify scam emails. Print this image and give it to everyone.
  3. Develop a dual-step process for bank wires, always verifying by phone with trusted parties.
  4. When an email requests a payment or transfer, always verify its legitimacy by contacting the sender.
  5. Pay close attention to the time the emails were received.
  6. Never click on a link if the content has bad grammar or spelling errors.

As always, if you need help securing your network, don’t hesitate to give us a call. We have solutions that can drastically reduce security risks and keep your data safe.

Thank you

Libis R. Bueno
CEO and Chief Technology Officer