At a cybersecurity conference held in New York City on Tuesday, James C. Trainor Jr., assistant director of the FBI’s cyber division, revealed an increasingly common email scam that has seen billions of dollars stolen from American companies.
Trainor highlighted a recurring scam called “business email compromise,” in which hackers first compromise and gain control of a CEO’s email account. The hackers then trick the company’s financial department into sending a sizable sum of money to an outside bank account.
With this entirely simple social engineering hack, hackers have siphoned billions of dollars from American companies, with over 80% of the stolen money wired to banks in China and Hong Kong, he revealed.
Notably, the FBI received reports from a staggering 17,642 companies that lost $2.3 billion between October 2013 and February 2016 due to the scam.
Speaking to CNNMoney, Trainor gave an example of an email purporting to come from the chief executive officer to the chief financial officer. “We need to pay this vendor right now. Wire $1 million to this account,” an email would state.
Furthermore, he believes that the true number of victims and the true costs are likely to be much higher, since companies do not always report such crimes to the FBI, purely to avoid embarrassment.
To put the increasing scale of the seemingly simple hack into perspective, Trainor added:
“I get about two or three business email compromises reported to me every day, seven days a week, for the last year and a half.”
Notably, it is in the best interests of companies to contact the FBI immediately after such a theft. The reason? They can actually get their money back.
The FBI has a 72-hour window during which they can trace the money and even request that the receiving Chinese or Hong Kong-based bank return the funds. If the cash hasn’t been withdrawn yet, Chinese banks readily assist such demands from American law enforcement, Trainor said.