It turns out that hackers don't need to break into SWIFT transactions at big banks or even the Federal Reserve in order to get funds wired to their accounts.
Cyber criminals just need to create fake email accounts and send an email to the right employee at a business and accomplish the same result with a lot less effort.
As the FT reports, more than 22,000 businesses have been hit by a scam known as "business email compromise", which entails a hacker mimicking an email of a CEO, lawyer, or another executive that gets sent to a lower level employee ordering that employee to wire money to an overseas account. By the time most organizations realize that the email was bogus, the cash has usually been transferred and is long gone.
What occurs, is an email that closely resembles an official corporate email, maybe misspelling the name very slightly, gets sent to lower level employees – who apparently think to themselves that the CEO emails everyday employees asking for a favor which includes immediately sending a wire through to an overseas bank account happens all the time – and the employee quickly jumps to get the transaction submitted.
Between October 2013 and May 2016, $3 billion in actual and attempted losses have occurred as a result of this scam. Of the $3 billion, about $960 million came from 14,000 victims in the US according to the FT.
Mitchell Thompson, head of the financial cyber crimes task force in the FBI's New York office said that more than 600 complaints of this activity have landed on his desk just over the past few months.
In addition to the email scam, the FBI also warned that there is a rise in ransomware, which is estimated to have resulted in losses of more than $50 million since 2005. In a ransomware attack, criminals gain control of a computer or network and encrypt the data. In order to unfreeze the network, the criminals demand a ransom, usually in bitcoin.
"There is a business model in some respects for criminals because they perceive it to be lucrative. This threat is something that is continually evolving." said Richard Jacobs, assistant special agent in charge of the cyber branch in the FBI's New York bureau.
* * *
Of course there is a business model for criminals to do this, if internal controls at firms are so weak that employees rush out a wire payment to an overseas bank account that they truly believe came from a CEO or other executive, then criminals will extort that all day long. After all, why go through the trouble of hacking the Fed and SWIFT if all one has to do is send an email to an over eager employee with no internal controls to follow.
The post Forget Complex Hacking, Companies Have Lost $3 Billion Falling For A Simple Email Scheme appeared first on crude-oil.top.