Security & Fraud

Fraudsters Bank Billions Via Corporate Email Scams

Cybercriminals are making bank from wire transfer scams conducted through email — the FBI estimates more than $2.3 billion since 2013.

These schemes, which authorities consider to be one of the fastest-growing, involve fraudsters pretending to be company executives in order to trick employees into transferring money to accounts that are actually controlled by the criminals themselves, Reuters reported on Thursday (April 7).

In an alert issued last week, the FBI explained that “business email compromise” scams have involved nearly 17,642 businesses across at least 79 countries.

“They research employees who manage money and use language specific to the company they are targeting, then they request a wire fraud transfer using dollar amounts that lend legitimacy,” the alert stated.

Authorities expect that the amount of global losses will only grow as more criminals are attracted to the money being made from wire transfer schemes.

“It’s a low-risk, high-reward crime. It’s going to continue to get worse before it gets better,” former federal prosecutor Tom Brown told Reuters, adding that, in many cases, companies can’t fathom the potential fallout from email account breaches.

“This shows that even the hack of an email account can cause significant financial loss,” Brown added.

In its alert about the growing threat of the business email compromise, the FBI noted that, since Jan. 2015, there has been a 270 percent increase in identified victims and exposed loss due to these scams.

Recently, PayPal addressed a security vulnerability that would have allowed unauthorized access to its email platform and the ability for malicious emails to have been sent from its official online Web application.

“Successful exploitation of the vulnerability results in session hijacking, persistent phishing attacks, persistent redirect to external sources and persistent manipulation of affected or connected service module context,” the security researcher who discovered the risk said in a write-up.



Digital transformation has been forcefully accelerated, but how does that agility translate into the fight against COVID-era attacks and sophisticated identity threats? As millions embrace online everything, preserving digital trust now falls mostly on banks and FIs. Now, advances in identity data and using different weights on the payment mix afford new opportunities to arm organizations and their customers against cyberthreats. From the latest in machine learning for fraud and risk, to corporate treasury teams working in new ways with new datasets, learn from experts how digital identity, together with advances like real-time payments, combine to engender trust and enrich relationships.

Click to comment