What you NEED to know about the latest Cyber Fraud!
The FBI just released a warning to all US businesses of an increase in email phishing scams—especially those targeted at CEOs. The business email compromise scams (aka, BECS) is a scheme that many businesses like yours have already fallen for.
While I have been talking my head off about security issues, like phishing attacks, for a while now, I couldn’t quantify the damage cyber scams have been wreaking on businesses similar to yours—that is until the latest FBI report revealed the details I’ve been hoping weren’t so bad!
Here’s what the FBI is seeing:
- Cyber criminals are going to greater lengths to spoof emails. They are assuming identities of an accountant, attorney, trusted vendor and now even CEOs to steal from hard-working businesses through wire fraud transfers.
The scary thing nowadays, is these criminals are getting smarter. They are doing their homework. They research your employees who manage money and use specific language specific to the company they are targeting. While some of these criminals are in far off countries, many are in our own backyards—speaking and communicating just as we would.
- No business is immune! The FBI has identified large and small companies alike. Non-profit and for-profit companies, too! Everyone is a potential target. If they can find a vulnerable team member or weak link in your security measures, criminals are going to try their darndest to get in!
- Be extra cautious if you regularly use wire transfers—criminals are specifically looking for folks like you! You’re used to transferring large sums of money and that’s exactly what they want you to do.
- The victims keep piling up—the FBI reports victims in EVERY state. More than 17,600 businesses have already been affected by the BEC scam alone!
- Cybercrime is increasing—the FBI reports a 270 percent increase in victims since January 2015. That means the likelihood of you falling to a scam is getting higher! With trickier schemes and experience on their side, cybercriminals, hackers and thieves are all figuring out the best strategies for getting into your piggy banks and databases. In fact, these schemes have estimated costs at over $2.3 billion thus far.
If your business has been victimized by a phishing scam, here are a couple of steps to take:
- Contact your bank immediately
- Request they contact the financial institution where the transfer was sent.
- File a complaint with the IC3: https://www.ic3.gov/complaint/default.aspx. It doesn’t matter how much was lost! A crime is a crime in my book!
If you’re wondering if there are any proactive steps your business should take, there are several:
- Be cautious of urgent wire transfer requests coming through email
- Call and verify requests over the phone
- Be cautious of email address mimicking
- Use multi-level authentication to verify high priority emails
- Practice fake CEO emailing as a training exercise
P.S. If you want to make sure you’re not a victim, please contact Cheryl Gholson on our team today to set up a cybersecurity assessment for your business. And if you’re trying to justify any IT security spending, this information is VERY convincing—share it with everyone you know!
