FBI: $1.2B Lost to Business Email Scams

Security blogger Brian Krebs on the latest high-dollar scams hitting businesses:

In January 2015, the FBI released stats showing that between Oct. 1, 2013 and Dec. 1, 2014, some 1,198 companies lost a total of $179 million in so-called business e-mail compromise (BEC) scams, also known as “CEO fraud.” The latest figures show a marked 270 percent increase in identified victims and exposed losses. Taking into account international victims, the losses from BEC scams total more than $1.2 billion, the FBI said.

We've had a few of our small business clients report getting these emails in the past year. While the scam takes place via email, it relies on a lack of strict procedures to verify and approve wire transfers.

There isn't a technological defense for this, as email in general is incredibly insecure and email addresses are easily spoofed. As a business owner or manager, all you can do to guard against this scam is educate your team and put strict procedures in place to verify a major transaction with something besides email (by phone, spoken passwords that are never emailed, etc).