Cybercriminals are making bank from wire transfer scams conducted through email — the FBI estimates more than $2.3 billion since 2013.
These schemes, which authorities consider to be one of the fastest-growing, involve fraudsters pretending to be company executives in order to trick employees into transferring money to accounts that are actually controlled by the criminals themselves, Reuters reported on Thursday (April 7).
In an alert issued last week, the FBI explained that “business email compromise” scams have involved nearly 17,642 businesses across at least 79 countries.
“They research employees who manage money and use language specific to the company they are targeting, then they request a wire fraud transfer using dollar amounts that lend legitimacy,” the alert stated.
Authorities expect that the amount of global losses will only grow as more criminals are attracted to the money being made from wire transfer schemes.
“It’s a low-risk, high-reward crime. It’s going to continue to get worse before it gets better,” former federal prosecutor Tom Brown told Reuters, adding that, in many cases, companies can’t fathom the potential fallout from email account breaches.
“This shows that even the hack of an email account can cause significant financial loss,” Brown added.
In its alert about the growing threat of the business email compromise, the FBI noted that, since Jan. 2015, there has been a 270 percent increase in identified victims and exposed loss due to these scams.
Recently, PayPal addressed a security vulnerability that would have allowed unauthorized access to its email platform and the ability for malicious emails to have been sent from its official online Web application.
“Successful exploitation of the vulnerability results in session hijacking, persistent phishing attacks, persistent redirect to external sources and persistent manipulation of affected or connected service module context,” the security researcher who discovered the risk said in a write-up.