A type of wire fraud called "business email compromise" is growing in prominence and is almost impossible to stop, resulting in losses of $26 billion in the last three years, according to new research released Tuesday by the FBI. That makes it one of the costliest cyber crimes against corporations.
Business email compromise involves a criminal impersonating a senior executive or trusted business partner, reaching out to a member of their staff, and convincing that person to wire money to an account to pay a debt or fulfill a purchase order. Like "sextortion" by email or real estate wire fraud, the attacks require only rudimentary computer knowledge.
Most cyber-attacks can be offset by a range of insurance products. But in this type of scheme, the money, once wired, is not typically covered by the sending bank, there are few insurance options to recover it, and there is little law enforcement can do to claw it back. It's gone.
Variations of this scheme have heavily affected human resources departments and resulted in paychecks being rerouted to offshore accounts. Small businesses have had to declare bankruptcy after being victimized, and larger firms have been similarly affected, including Mattel and jeans retailer Diesel, which attributed its bankruptcy in part to pervasive wire fraud.
The announcement coincided with a Justice Department crackdown on perpetrators of the schemes: 281 in all, 74 of them from the United States.
"Sending fraudulent email is cheap and the messages don't require expensive malware," said Kevin Epstein, vice president of threat operation at Proofpoint. "Yet the attacks themselves are highly effective."
Epstein recommends that companies continue educating their employees and putting protocols in place that create multiple steps before funds can be wired. The FBI also offers resources on reporting suspected email compromise schemes.