The FBI is alerting email users regarding a potentially harmful fraud. Victims may get into major legal difficulties with their employers or experience bank account theft.
This fraud, known as the "Business Email Compromise," allows thieves to steal hundreds of thousands of dollars in a matter of minutes.
An official FBI security brief explains how it works and what you can do to protect yourself.
The scam can take many forms, such as an invoice from a company you routinely do business with, a CEO asking an employee to buy dozens of gift cards, or a message instructing a home buyer on how to wire their down payment.
"Business email compromise (BEC) – also known as email account compromise (EAC) – is one of the most financially damaging online crimes," the FBI stated. "It exploits the fact that so many of us rely on email to conduct business—both personal and professional."
The fraud may occur anytime, even on trusted applications like Microsoft Outlook or Google Gmail.
Modus operandi
According to the FBI, scammers have a variety of methods at their disposal to dupe you.
For example, they might "spoof" a website or email address.
"Slight variations on legitimate addresses (john.kelly@examplecompany.com vs. john.kelley@examplecompany.com) fool victims into thinking fake accounts are authentic," the FBI further explained.
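To make the near-miss trick concrete from the defender's side, here is an added example (not FBI code) that flags a From: address sitting within a couple of edits of a trusted contact; the contact directory and the sample header are constructed for illustration.

```python
"""Flag sender addresses that are near-misses of known contacts (BEC lookalikes).

Added example for the lookalike-address trick described above; not FBI code.
The contact directory and sample header below are constructed for illustration.
"""
from email.utils import parseaddr

KNOWN_CONTACTS = {  # constructed directory of trusted senders
    "john.kelly@examplecompany.com",
    "accounts@examplecompany.com",
}


def levenshtein(a: str, b: str) -> int:
    """Classic edit distance (insert/delete/substitute), kept inline for clarity."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify_sender(addr: str, known=KNOWN_CONTACTS, max_dist: int = 2) -> str:
    """Return 'known', 'lookalike' or 'unknown' for a sender address.

    A lookalike is an address that is NOT in the directory but lies within
    max_dist edits of one that is (john.kelley vs john.kelly, or a digit '1'
    swapped for the letter 'l' in the domain). Genuinely unknown senders are
    not flagged: new contacts are normal, near-misses of existing ones are
    the BEC signal worth a phone-call verification.
    """
    addr = addr.strip().lower()
    if addr in known:
        return "known"
    for trusted in known:
        if levenshtein(addr, trusted) <= max_dist:
            return "lookalike"
    return "unknown"


def check_from_header(header: str) -> str:
    """Parse a raw From: header value (display name + address) and classify it."""
    _display_name, addr = parseaddr(header)
    return classify_sender(addr)


if __name__ == "__main__":
    # Constructed header: familiar display name, one extra letter in the address.
    print(check_from_header("John Kelly <john.kelley@examplecompany.com>"))
```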
The use of "spear phishing" emails is another strategy.
Phishing emails are designed to appear like they are from someone you know or trust, while spear phishing refers to attacks that are sent to a particularly targeted audience rather than the broader public.
"These messages look like they’re from a trusted sender to trick victims into revealing confidential information," the FBI added. "That information lets criminals access company accounts, calendars, and data that gives them the details they need to carry out the BEC schemes."
The third strategy is malware, which criminals use to steal a great deal of information about you or your business.
"Malicious software can infiltrate company networks and gain access to legitimate email threads about billing and invoices," the FBI concluded. "That information is used to time requests or send messages so accountants or financial officers don’t question payment requests. Malware also lets criminals gain undetected access to a victim’s data, including passwords and financial account information."
Mitigation Tips
In order to safeguard oneself from phishing emails, "we recommend that our customers use the phichi platform for customised phish simulation," said Mr. Suriya Prakash, Head of DARWIS CySecurity Pte Ltd.
Below are some of the best practices for avoiding this kind of scam, as enumerated by the FBI:
- Be cautious about what you post online or on social media
- Avoid unsolicited emails or texts that carry links or attachments
- Examine email addresses and URLs carefully
- Exercise caution with what you download
- Make sure that two-factor authentication is enabled on all of your accounts (you'll need a login code in addition to your password)
- Verify all requests for money transfers from people you know by calling them first
If you have doubts about a message, verify it before transferring money or revealing personal information.