WASHINGTON–The FBI has issued a fraud warning following what it indicated is a significant increase in victims from a scam in which fraudsters spoof communications from executives at an executive’s firm in order to launch unauthorized wire transfers.
In its fraud warning, the FBI said the same has led to nearly $1.2 billion globally in losses involving more than 7,000 victim companies between late 2013 and August of 2015.
The FBI said the scam, sometimes called “CEO fraud,” has been reported in all 50 states as well as 79 countries, but the majority of funds transfers going to Asian banks located in China and Hong Kong.
According to the FBI, CEO fraud typically starts with thieves either phishing an executive and gaining access to that individual’s inbox, or e-mailing employees from a look-alike domain name that is one or two letters off from the target company’s true domain name. That tactic is similar to scams that have targeted some banks and credit unions.
The FBI said that unlike traditional phishing scams, spoofed e-mails used in CEO fraud schemes are unlikely to set off spam traps, because these are targeted phishing scams that are not mass e-mailed.
According to Krebs on Security, the scams are also more refined, as the thieves take the time to understand the target organization’s relationships, activities, interests and travel and/or purchasing plans. Much of the information the thieves use is publicly available.
Under the scam the fraudster impersonates a company executive or outside vendor and requests a wire transfer through a phone call or e-mail to a company controller, or someone else with authority to wire funds. The request is often sent to accounting departments with a sense of urgency attached.
The FBI said that to further speed payments, fraudsters often ask the bank or credit union involved to bypass the normal out-of-band authentication and transaction verification processes in place for wires