April 11, 2016, updated 05 Sep 2016 11:29am

FBI issues warning over fake CEO emails that have swindled $2.3bn from companies worldwide

News: The fraudsters mainly target firms that carry out wire transfer payments to their suppliers or partners.

By CBR Staff Writer

Rising email impersonation scams that steal valuable data have cost billions of dollars to companies across the world, according to the US Federal Bureau of Investigation (FBI).

From October 2013 to February 2016, businesses have incurred losses to the tune of $2.3bn from these scams, dubbed "business email compromises", the agency said in a report.

Nearly 17,642 businesses of all sizes located across at least 79 nations have been affected by the scams.

"There are various versions of the scams. Victims range from large corporations to tech companies to small businesses to non-profit organizations. Many times, the fraud targets businesses that work with foreign suppliers or regularly perform wire transfer payments," the FBI said in an alert.

While law enforcement and cyber security experts have been issuing warnings over the increase in such scams, there has been no estimate of losses faced from the attacks.

Cyber security experts expect the losses to rise in future, even as companies ramp up investments to make their systems more secure. Growing profits of companies are expected to lead to an increase in cyber attacks.

Tom Brown, a former federal prosecutor in Manhattan, told Reuters: "It’s a low-risk, high-reward crime. It’s going to continue to get worse before it gets better."


The FBI said that the fraudsters go to great lengths to spoof company emails or use social engineering to assume the identity of the CEO, a company attorney, or a trusted vendor, in order to convince employees that the money transfer requests they receive are legitimate.

"They research employees who manage money and use language specific to the company they are targeting, then they request a wire fraud transfer using dollar amounts that lend legitimacy," it said.

The FBI has witnessed a 270% increase in identified victims and exposed losses since January 2015, and the average loss from such scams in Arizona is between $25,000 and $75,000.

Recently, the UK government launched a dedicated centre for cyber security. The centre, named the National Cyber Security Centre (NCSC), will have its headquarters in London and will be operational from October.

Cyber attacks from state-backed hackers, serious crime gangs, hacking groups and terrorists are all on the rise in the UK.

The NCSC will work to ensure that the people, public and private sector organisations and the critical national infrastructure in the country are safer online. The creation of the centre is aimed at bringing the UK’s cyber expertise together to transform how the country tackles cyber security issues.

While some industries have taken steps to prevent cyberattacks, many others remain vulnerable to such attacks.

Last year, the London-based telecom group TalkTalk lost over 100,000 of its subscribers after its customers' personal details were hacked. The attack was estimated to cost the company £60m.
