Businesses should be on the lookout for fraudulent emails that appear to be from vendors but are actually sent by scammers.
The Internet Crime Complaint Center (IC3) — a partnership between the Federal Bureau of Investigationand the National White Collar Crime Centertasked with receiving Internet-related criminal complaints and further researching these criminal complaints — is warning businesses that scammers are sending companies emails via legitimate suppliers' email accounts, asking for unauthorized wire transfers. The scam is being dubbed the "business email compromise."
Businesses realize they've been duped only after making the wire transfer and then getting another request for a payment from their supplier or vendor after they deliver their merchandise.
"In the scheme, a business partner — usually chief technology officers, chief financial officers or comptrollers — receives an email via their business accounts, purportedly from a vendor requesting a wire transfer to a designated bank account," the IC3 wrote on its website. "The emails are spoofed by adding, removing or subtly changing characters in the email address that make it difficult to identify the perpetrator's email address from the legitimate address."
IC3 officials said noted that the scam often isn't uncovered until the company's internal fraud alerts notify the business to the request, or when the business and the vendor talk to each other to verify the transfer was made.
So far, the average dollar loss per victim has been approximately $55,000; however, the IC3 has received complaints reporting losses of more than $800,000.
In a twist, suppliers and vendors are also being sent fraudulent emails, from businesses' email accounts, to request quotes or orders for supplies and goods. These spoofed emails are being sent to multiple suppliers at the same time and, in some cases, were linked by the Internet Protocol (IP) address to the original business email compromise scams.
The losses on this version of the scam have been insignificant, the IC3 said. This is partly because there is a greater chance that companies will discover the scam, as the emails go to multiple suppliers that often follow up with the company.
The IC3 said that, based on its analysis, the email scams appear to be Nigeria-based. IC3 officials said there are some commonalities in the businesses being targeted:
- Victims are typically from the United States, England and Canada, but there have been complaints from other countries, such as Belgium.
- Targeted businesses often trade internationally, usually through China.
- Targeted businesses often conduct large wire transfers, so the request for larger monetary amounts are not uncommon.
- Most, but not all, victims receive the fraudulent email request through AOL, Gmail or Hotmail addresses. A few companies have reported that scammers were able to access their internal servers.
Originally published on Business News Daily.