The FBI is warning businesses to be on guard for an email scam that it says has cost companies billions of dollars over the last two and a half years.
The scam is known as a Business Email Compromise (BEC), and occurs when a corporate email account is hacked and an email is sent from that compromised account ordering a large wire transfer.
As the email looks like a genuine message, often from a CEO or other C-level executive, it is generally acted upon immediately. Additionally, the hackers have targeted businesses that regularly carry out wire transfers, which makes the request seem more realistic, according to NBC New York.
According to the FBI, since October 2013 hackers have attempted to send $3.1 billion (£2.2 billion, €2.8 billion) in 22,000 separate cases. The majority of cases have involved attempted wire-transfers to banks in China and Hong Kong, Reuters reported.
Not all attempts were successful, although an FBI spokesperson said about one in four of the US victims did send money.
The FBI has discovered a 1300% increase in BEC attempts such as these since January 2015, which has prompted its public announcements at a press conference in New York.
Reuters quotes Supervisory Special Agent Mitchell Thompson as warning companies to be vigilant when receiving emails similar to the ones used in these attacks. He also asked companies to report any suspicious activity as soon as possible. “The sooner somebody reports this to the FBI, the better the possibility they can get their money back,” he said.
The FBI has also warned about an increase in ransomware attacks, where files, folders or entire systems are locked down until a ransom is paid. Ransom demands can be anywhere from the low hundreds to tens of thousands of dollars. Aristedes Mahairas, head of the FBI’s cyber division in New York, said businesses should be on the lookout for suspicious emails.
“A lot of it boils down to good computer hygiene,” he said. “If you don’t recognize an email, let’s move that over to the junk folder.”
Ransomware accounted for 42% of all security breaches in 2015, and that figure is expected to increase this year. However, further research has suggested that as much as 30% of people don’t know what ransomware actually is. Despite this 85% of respondents to the same survey said they would not pay the ransom demand.