FBI Says Corporate Account Takeover and Other Email Scams are Big Business for Bad Guys!

Posted August 14, 2015

Account Takeover Email Scams Cost U.S. Corporations Over $1Billion a Year!

Neither snow nor rain nor heat nor gloom of night stays these couriers of crime from the swift completion of their appointed rip-offs. This could be the motto of cybercriminals who, between October 2013 and June 2015 stole some $1 billion via a number of online scams including getting small businesses to wire big amounts of cash into phony bank accounts.

An article on pymnts.com discusses these hackers and some of their methods. The following has been excerpted from the pymnts.com story and edited to fit our format.
Read Full Story

Targeting U.S.

Though complaints have come in from around the world, the fraud efforts seem to be most tightly focused on the U.S. According to Patrick Fallon, a section chief in criminal investigation for the FBI, “organized crime groups from overseas and domestic-based actors” are typical perpetrators.

They’ve been messing with Texas

Fraudsters recently went after 25 Dallas companies, “with an attempted loss of over $100 million.” The Account Takeover Email Scams appeared to be from high-level executives in the company being targeted, the FBI said in the advisory. A closer look would have revealed those emails came from a similar, but slightly different (and wrong) domain name. Another variation on this fraud sees criminals hijacking a corporate email system, grabbing a real message, altering it and allowing for a real payment to be diverted into their bank accounts.

NACHA: businesses should work together to defeat cybercriminals

NACHA, the industry-run group overseeing ACH [Automated Clearing House] transactions, “strongly advocates” that businesses “work together with their financial institutions to understand and use sound business practices to prevent and mitigate the risk of Corporate Account Takeover Email Scams.”

Act VERY quickly to recover funds

The limited good news here is banks can, in some instances, recover the funds by notifying the receiving bank that the incoming wire is an act of fraud. However, such “claw backs,” as WSJ calls them, must happen rather quickly, or they won’t happen at all. “Once you reach beyond the 72-hour mark, it’s extremely difficult,” said Fallon.

LexisNexis Risk Solutions | ThreatMetrix

LexisNexis Risk Solutions | ThreatMetrix

close btn