The FBI is warning that businesses have handed some US$3.1 billion to email scammers, a whopping 1,300 percent increase in 18 months.
Businesses are tricked into sending the cash to would-be chief executive officers who have sufficient company information, obtained through open source searching or hacking, to make the requests for money appear legitimate.
Some 14,032 victims in the US have hemorrhaged US$961 million thanks to business email compromise scams.
The agency counts only 1,636 victims abroad totalling losses of US$93 million.
The FBI says in its alert that victims of ransomware may be put on the business email compromise scammer's to-do list, though the method of target selection is largely unknown.
"Some individuals reported being a victim of various scareware or ransomware cyber intrusions immediately preceding a BEC incident," the alert says.
"It is largely unknown how victims are selected; however, the subjects monitor and study their selected victims using social engineering techniques prior to initiating the BEC scam.
"The subjects are able to accurately identify the individuals and protocols necessary to perform wire transfers within a specific business environment. Victims may also first receive phishing e-mails requesting additional details regarding the business or individual being targeted."
The FBI paints scenarios for hapless HR or finance staffers, including the new scheme of W-2 tax siphoning which emerged in the last US tax season, supplier scams, contact phishing, and executive and attorney impersonation.