Yar, thar she blows: Corp-cash-stealing email whaling attacks now a $12.5bn industry

Business accounts worth their weight in gold to scammers

By Shaun Nichols in San Francisco

Business email accounts remain a lucrative way for scammers to get into companies and turn a quick buck.

The FBI's Internet Crime Complaint Center (IC3) says that Business Email Compromise incidents (stealing a legit business account and then using it to transfer funds out to criminals) have exploded, with reported losses more than doubling over the last two years.

From October 2013 to May 2018, 78,617 incidents were reported to the two groups, with total losses topping $12.5bn. In the US alone, 41,058 companies were hit for $2.93bn worth of losses. By comparison, between 2013 and 2016, BEC attacks netted criminals worldwide around $5bn in total.

"Between December 2016 and May 2018, there was a 136 per cent increase in identified global exposed losses," the FBI said. "The scam has been reported in all 50 states and in 150 countries."

Also known as 'whaling', the attacks target specific, high-value accounts and individuals. The technique can be enormously profitable for scammers when they succeed.

It is not just cash transfers that are being targeted. IC3 notes that personally identifiable information is also increasingly being sought (usually for identity or tax theft). Scammers are also looking to move into targeting new industries such as real estate, where companies are not as wise to their tricks.

"Victims most often report a spoofed email being sent or received on behalf of one of these real estate transaction participants with instructions directing the recipient to change the payment type and/or payment location to a fraudulent account," the agencies said in their report.

"The funds are usually directed to a fraudulent domestic account which quickly disperse through cash or check withdrawals."

Most often, the report says, the cash ends up getting moved via money mules before going to banks in China or Hong Kong via wire transfer. Outside of Asia, the report notes that banks in Mexico, Turkey, and the UK have also been popular locations to dump the pilfered cash.

The report recommends that companies use multiple forms of communication before making a transfer, particularly ones that include changes in the way a payment is issued. This will make it harder for the would-be scammers to operate.

"Be wary of any communication that is exclusively e-mail based and establish a secondary means of communication for verification purposes," the agencies advise.

"Be mindful of phone conversations. Victims have reported receiving phone calls from BEC/EAC actors requesting personal information for verification purposes." ®
