Email often gets overlooked in the 2019 digital economy, given the higher levels of excitement attached to social media, video and other, more cutting-edge tools — to say nothing of the use of text as a communication tool.
But that message is apparently lost on criminals, who, according to a new report, have stolen some $26 billion over the last three years in a scam generally known as “business email compromise.”
That figure, according to a new CNBC report, comes from the U.S. Federal Bureau of Investigation.
That makes it “one of the costliest cybercrimes against corporations,” according to the report. “Business email compromise involves a criminal impersonating a senior executive or trusted business partner, reaching out to a member of their staff, and convincing that person to wire money to an account to pay a debt or fulfill a purchase order.”
This is not the first time the FBI has sounded a warning about business email compromise.
As PYMNTS covered earlier this year, losses from such schemes nearly doubled from $675 million in 2017 to as much as $1.2 billion in 2018. The numbers come from the FBI’s annual Internet Crime Report, which detailed that the use of social engineering, emails and other methods to get victims to wire money to fraudsters was a lucrative business.
Drilling down a bit, the FBI found increased incidences of gift card-related scams, and said, “The victims received a spoofed email, a spoofed phone call or a spoofed text from a person in authority, requesting the victim purchase multiple gift cards for either personal or business reasons.”
According to an earlier analysis of this particular fraud trend, Ronnie Tokazowski, senior threat researcher at Agari, said, “For trends that we’re seeing, actors have been asking for gift cards instead of wire fraud, but still engage with wire fraud as well. For gift cards, once they have the pictures of the cards from the victims, they sell the cards on gift card exchanges where they can sell the cards to bitcoin. Actors usually get around 70 percent of the face value of the card in bitcoin.”
As CNBC stated in its new report, insurance can cover losses for businesses that are victims of these types of cyberattacks.
“But in this type of scheme, the money, once wired, is not typically covered by the sending bank, there are few insurance options to recover it, and there is little law enforcement can do to claw it back. It’s gone,” the report stated.
That said, the U.S. Department of Justice has announced a recent crackdown against people behind this email scam. The effort, dubbed “Operation reWired,” took place over “a four-month period, resulting in 281 arrests in the United States and overseas, including 167 in Nigeria, 18 in Turkey and 15 in Ghana,” the DOJ said. “Arrests were also made in France, Italy, Japan, Kenya, Malaysia and the United Kingdom. The operation also resulted in the seizure of nearly $3.7 million.”
The criminals behind business email compromise also engage in a wide variety of fraud, the DOJ said.
“The same criminal organizations that perpetrate BEC also exploit individual victims, often real estate purchasers, the elderly, and others, by convincing them to make wire transfers to bank accounts controlled by the criminals,” the DOJ said. “This is often accomplished by impersonating a key employee or business partner after obtaining access to that person’s email account or sometimes done through romance and lottery scams.”
In late August, U.S. federal authorities also announced more action against the people behind business email compromise scams. That’s when the Justice Department unsealed an indictment —spanning 252 counts — against 80 defendants for alleged online scams that bilked firms and individuals of tens of millions of dollars.
As reported, many of those indicted are Nigerian nationals.
The individuals are charged with using business email compromise scams to dupe victims. Each of the defendants has been charged with “conspiracy to commit fraud, conspiracy to launder money, and aggravated identity theft,” according to the complaint, and reports said other defendants also face fraud and money laundering charges.
Email might seem like an old-fashioned technology to many consumers and payment and commerce professionals at this point, but its daily use brings constant opportunity for criminals.