$215M Scam Goes After C-Suite Executives

By Patrick K. Burke

High-level business executives including CEOs and CIOs are being targeted in the latest scam initiated through email, according to a recent alert from the FBI.

Dubbed the “business email compromise” (BEC) by the FBI, the scam seeks businesses working with foreign suppliers or businesses that perform wire transfer payments.

Cyber-criminals stole nearly $215 million from businesses in the last 14 months using a scam that starts when business execs or employees have their email accounts hijacked.

One flavor of the BEC scam starts with email accounts of high-level business executives (CEO, CFO, CIO) becoming compromised. Posing as the executive, a cyber-criminal requests a wire transfer from a second employee within the company who is normally responsible for processing these requests.

“The requests for wire transfers are well-worded, specific to the business being victimized, and do not raise suspicions to the legitimacy of the request,” the FBI said in its alert. “In some instances a request for a wire transfer from the compromised account is sent directly to the financial institution with instructions to urgently send funds to bank ‘X’ for reason ‘Y.’”

The FBI alert shows how cyber-thieves research, monitor and study a business and its employees before the scam.

“Fraudulent e-mails received have coincided with business travel dates for executives whose e-mails were spoofed,” the FBI said. “The subjects are able to accurately identify the individuals and protocol necessary to perform wire transfers within a specific business environment. Victims may also first receive ‘phishing’ emails requesting additional details of the business or individual being targeted (name, travel dates, etc).”

The FBI shared the following characteristics of BEC complaints, and CIOs should be aware of the scam’s telltale signs:

Businesses and personnel using open source email are most targeted.

Individuals responsible for handling wire transfers within a specific business are targeted.

Spoofed emails very closely mimic a legitimate email request.

Hacked emails often occur with a personal email account.

Fraudulent email requests for a wire transfer are well-worded, specific to the business being victimized, and do not raise suspicions to the legitimacy of the request.

The phrases “code to admin expenses” or “urgent wire transfer” were reported by victims in some of the fraudulent email requests.

The amount of the fraudulent wire transfer request is business specific; therefore, dollar amounts requested are similar to normal business transaction amounts so as to not raise doubt.

Fraudulent emails received have coincided with business travel dates for executives whose emails were spoofed.

Victims report that IP addresses frequently trace back to free domain registrars.