Global cyber wire fraud spikes
Attempts at cyber wire fraud globally, via e-mails purporting to be from trusted business associates, surged in the last seven months of 2016, the US Federal Bureau of Investigation (FBI) said in a warning to businesses.
Fraudsters sought to steal $5.3 billion through schemes known as business e-mail compromise, the FBI said in a report released last week by its Internet Crime Complaint Center.
The figure is up sharply from the FBI's previous report which said thieves attempted to steal $3.1 billion from October 2013 through May 2016, according to a survey of cases from law enforcement agencies around the world.
The number of business e-mail compromise cases, in which cyber criminals request wire transfers in e-mails that look like they are from senior corporate executives or business suppliers who regularly request payments, almost doubled from May to December of last year, rising to 40 203 from 22 143, the FBI said.
The survey does not track how much money was actually lost to criminals.
Robert Holmes, who studies business e-mail compromise for security firm Proofpoint, estimated the incidents collated by the FBI represent just 20% of the total, and that total actual losses could be as much as double the figures reported by the FBI.
The losses are growing as scammers become more sophisticated, delving deeper into corporate finance departments to find susceptible targets, he said.
"This is not a volume play; it's a carefully researched play," he said.
The US is by far the biggest target market, though fraudsters have started to expand in other developed countries, including Australia, Britain, France and Germany, Holmes said.
The FBI has said that about one in four US victims respond by wiring money to fraudsters. In some of those cases, authorities have been able to identify the crimes in time to help victims recover the funds from banks before the criminals pulled them out of the system.
The US Department of Justice said in March it had charged a Lithuanian man with orchestrating a fraudulent e-mail scheme that had tricked agents and employees of two US-based Internet companies into wiring more than $100 million to overseas bank accounts.
Fraudsters have also used spoofed e-mails to trick corporate workers into releasing sensitive data, including wage and tax reports, according to the advisory.