In this day and age, you can do nearly everything over the internet. You can buy goods and listen to music from around the world, conduct business, transfer money, and keep in touch with coworkers and friends via email and social media.
You can also scam businesses for millions of dollars by stealing client lists. Individuals can buy any narcotic you could possibly imagine on the dark web.
This month, we take a look at just how far our interconnection with the internet goes – from the massive unseen world of the dark web to cleverly crafted scams made possible by business
Cyber Thieves in CEO Clothing
The FBI reported that hijacked email accounts were responsible for businesses losing nearly $215 million to cyber thieves in the past 14 months. These crimes start with the hijacking of an email account belonging to a company’s executives or employees. Businesses that commonly perform wire transfers or deal with suppliers from overseas are especially at risk. No business is safe from this scam, and these particular cons are becoming ever more attuned to the inner workings of the businesses they target.
Staff information is readily available on company websites, along with calendars and travel plans, and all of this is augmented by what people disclose about their lives and schedules on social media. As a result, it has become easier for scammers to glean details about the people they pose as. They can also pick up on the tone of the business and its employees, making fraudulent emails more compelling and better camouflaged from suspicion.
In a common permutation of this scam, the con artist poses as a company’s executive and sends the employee who typically handles wire transfers a request to wire money. Little details can be dropped about travel dates, meeting times, and even family members to lead the recipients of these emails to believe it’s just business as usual, especially if being asked to wire money is a normal workplace occurrence.
The Internet Crime Complaint Center (a collaboration of the FBI and the National White Collar Crime Center) explains:
The requests for wire transfers are well-worded, specific to the business being victimized, and do not raise suspicions to the legitimacy of the request. […] Fraudulent emails received have coincided with business travel dates for executives whose mails were spoofed. The subjects are able to accurately identify the individuals and protocol necessary to perform wire transfers within a specific business environment.
Talk about a clever disguise!
How can businesses protect themselves against such complex and compelling scams? The Internet Crime Complaint Center advises a two-step authentication process for emails, and also advises using other channels of communication to verify wire transfers before they are submitted. This way, employees can’t just wire money when prompted via email, even if the email is from a legitimate source.
Another advised precaution is for businesses to limit the amount of employee activity information made available both on the company website and on social media.