When the big boss says "jump," generally employees say "how high." Now, a new cyberscam is capitalizing on that mentality to fool its victims.
“[It's] the perfect storm for this type of fraud to happen,” said Tom Kemp, CEO of Centrify, a Santa Clara, California-based cybersecurity company.
It’s known as business email compromise or CEO fraud. The fraudsters send an email that looks all too real requesting a wire transfer or personal information on employees. Thinking they’re helping the boss, employees comply.
According to the FBI, the incidents of the scam increased 270 percent in the first four months of 2016. From October 2013 through February 2016, law enforcement received reports from 17,642 victims, amounting to $2.3 billion lost.
Cybersecurity company Centrify was almost one of those victims.
“I came into the office one day and I sit near the accounting department, and someone said, 'Hey we're working on that wire transfer you requested.' I'm like 'What are you talking about? I didn't request a wire transfer,'” Kemp said.
A member of his accounting department received an email chain that seemed to come from Kemp and Centrify’s CFO, Tim Steinkopf, requesting a wire transfer for more than $357,000.
“It just looked like normal business communication. Then we stared at the email and then we noticed that the 'i' and the 'f' were flipped around,” he said.
The swindlers had created a domain that looked just like Centrify’s and had likely also done sophisticated research.
“We were shocked at the level of sophistication that they would create a fraudulent domain that looked like our domain and also were able to research who's who in our accounting department and try to figure out who could actually initiate a wire transfer,” Kemp said.
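The look-alike domain Kemp describes differed from the real one by two swapped letters. The check below is an added example, not Centrify's tooling or anything from the article: it scores an inbound sender's domain against a list of the organization's own domains using optimal-string-alignment distance (edits plus adjacent transpositions), so a swapped pair or a single substituted character lands within a small threshold while unrelated vendor domains do not. The domains and From headers are constructed sample data.

```python
import re
from dataclasses import dataclass
from typing import Optional, List

# Constructed: the organization's legitimate sending domains (assumption for this example).
LEGIT_DOMAINS = {"examplecorp.com"}

# Constructed sample From headers: one legitimate, one with two letters swapped
# (corp -> crop), one with a digit substituted for a letter, one unrelated vendor.
SAMPLE_FROM_HEADERS = [
    "Jane Doe <jane@examplecorp.com>",
    "CFO <cfo@examplecrop.com>",
    "CEO <ceo@examp1ecorp.com>",
    "Vendor Billing <ar@vendor.net>",
]


def osa_distance(a: str, b: str) -> int:
    """Optimal string alignment distance: insertions, deletions, substitutions,
    and transpositions of two adjacent characters each cost 1."""
    d = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    for i in range(len(a) + 1):
        d[i][0] = i
    for j in range(len(b) + 1):
        d[0][j] = j
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = 0 if a[i - 1] == b[j - 1] else 1
            d[i][j] = min(d[i - 1][j] + 1,          # deletion
                          d[i][j - 1] + 1,          # insertion
                          d[i - 1][j - 1] + cost)   # substitution / match
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)  # adjacent transposition
    return d[len(a)][len(b)]


def sender_domain(from_header: str) -> str:
    """Pull the domain out of 'Name <user@domain>' or a bare address; lowercase it."""
    m = re.search(r"@([A-Za-z0-9.-]+)", from_header)
    return m.group(1).lower().rstrip(".") if m else ""


@dataclass
class Verdict:
    domain: str
    closest_legit: Optional[str]   # nearest legitimate domain when within threshold
    distance: int
    suspicious: bool


def check_sender(from_header: str, legit=LEGIT_DOMAINS, max_distance: int = 2) -> Verdict:
    """Flag a sender whose domain is close to, but not equal to, a legitimate domain.
    Exact matches and subdomains of a legitimate domain are accepted."""
    dom = sender_domain(from_header)
    for d in legit:
        if dom == d or dom.endswith("." + d):
            return Verdict(dom, d, 0, False)
    best = min(legit, key=lambda d: osa_distance(dom, d))
    dist = osa_distance(dom, best)
    close = dist <= max_distance
    return Verdict(dom, best if close else None, dist, close)


def triage(from_headers: List[str]) -> List[Verdict]:
    """Return only the verdicts that warrant a phone call before acting on the message."""
    return [v for v in (check_sender(h) for h in from_headers) if v.suspicious]


if __name__ == "__main__":
    for v in triage(SAMPLE_FROM_HEADERS):
        print(f"look-alike sender domain {v.domain!r} resembles {v.closest_legit!r} (distance {v.distance})")
```

The threshold of 2 suits domains of a dozen or more characters; for very short legitimate domains it will also catch honest neighbours, so treat a hit as a trigger for out-of-band verification, the phone call the article recommends, rather than as proof of fraud on its own.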
While the Centrify team researched what was going on, emails kept coming in from the fake executive.
“The crook was actually communicating with us in real time, trying to nudge us along to actually initiate the wire transfer,” said Kemp.
Centrify tried to track down the criminals and called the company Vistaprint, which had registered the look-alike domain.
“They admitted that morning that 60 other look-alike domains were created. These domain registration companies, they really don't require any information or any credit card information to set up a domain, at least for the first 30 days,” Kemp said.
“Each domain registration goes through various fraud and credit card checks to ensure payment is verified. ... The email address being used is also run through a variety of proprietary checks to flag potential fraud. ... This is unfortunately an issue that all domain providers face. ... Every single complaint about the misuse of a domain is investigated,” said Alfredo Ramos, Vistaprint’s head of digital products, in an email statement.
To avoid becoming a victim, companies need to educate their employees about business email compromise.
If something looks off, make a phone call to confirm, even if it means calling the CEO.
"I've told the people here at Centrify that I will never ever send an email asking for a wire transfer or to send personal identifiable information to me. ... So anytime you get a request from someone with an email address of email@example.com don't believe it. If need be, pick up the phone and actually call me," Kemp said.
He also suggests that companies have a separation between who can initiate and who can approve a wire transfer.
The FBI advises using multifactor authentication, which requires two ways of identifying yourself when signing into an account, such as a password and a code sent to your cellphone.
"You really need to step up your game in terms of making sure that you don't have this occur to yourself and your companies," Kemp said.