The Federal Bureau of Investigation has released an alert warning corporate executives to watch out for tricksters who've been siphoning money from companies across the U.S. and 79 countries. The ploys are known as business email compromise scams, or BECs — and they've managed to suck away huge amounts of cash.
The total damage, so far, exceeds $2.3 billion in losses.
The attack method works like this: You receive an email request for a money transfer from what appears to be a trustworthy contact. The sender may look like a legitimate business partner — someone from within your own company, or another contractor you work with and have a history of paying.
In reality, the sender is an impersonator — not the real deal. BECs are effective in part because they evade spam filters, according to security expert Brian Krebs.
Another reason why this scam works is because it's not a random, spray-and-pray attack, according to Krebs. Emails are targeted to specific company, so there's a bit of research that goes into it. Hackers know with whom a company is likely to work, so they can make spoofed emails appear more convincing.
The FBI says some 17,642 companies have reported falling for this type of scam since October 2013. The attacks seem to be on the rise — up 270% since January 2015.
To avoid falling victim to this scam, business owners and employees should avoid money transfers that are only requested via email, the FBI says. It also recommends confirming pending financial transactions over the phone. If you believe you've been the victim of this kind of attack, be sure to reach out to your financial institution.
Those fraudsters don't need to steal another billion.