
The FBI issues warnings about an email scam that’s stolen more than $1.2 billion

The Federal Bureau of Investigation (FBI) put out a pair of warnings (1, 2) in recent weeks regarding a fraud scheme that involves email, wire transfers, checks, and international business. The targets of these schemes are businesses that work with foreign suppliers and those that perform wire transfer payments.

The warnings state that since January, the number of victims has nearly tripled, an increase of 270 percent. Victims have been reported in all 50 U.S. states and across 79 different countries. More than 8,000 victims and $800 million in losses later, the report dives into how social engineering and phishing have been the point of attack. Once the target is compromised (potentially you), the attacker conducts unauthorized transfers of funds, typically stealing through wire transfers. Once the international law enforcement reports are tallied into the figure, the losses total more than $1.2 billion. One of the biggest hauls on record comes from the networking company Ubiquiti Networks, which reports that cyber thieves stole $46.7 million with this scam.

Common methods, direct targets

The culprit here in most cases is phishing, and more specifically, spearphishing. The intended victim will receive a link with a malicious payload in their email, which will appear to come from a valid source. Once the victim clicks the link, the malware is installed. Next thing you know, usernames, passwords, financial information, and more are all in the attacker's hands. The bottom line: If you work in international business, and you wire transactions, you might be a target.

The FBI prescribes awareness and detection, as well as a few common-sense steps to avoid becoming a victim.

Possible ways to protect yourself, or your business:

  • Create intrusion detection system rules that flag emails with extensions that are similar to company email. For example, legitimate email of abc_company.com would flag fraudulent email of abc-company.com.
  • Register all company domains that are slightly different than the actual company domain.
  • Verify changes in vendor payment location by adding additional two-factor authentication such as having a secondary sign-off by company personnel.
  • Confirm requests for transfers of funds. When using phone verification as part of the two-factor authentication, use previously known numbers, not the numbers provided in the email request.
  • Know the habits of your customers, including the details of, reasons behind, and amount of payments.
  • Carefully scrutinize all email requests for transfer of funds to determine if the requests are out of the ordinary.
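
The first recommendation above, flagging sender domains that resemble the company's own, can be implemented along these lines. This is an added example, not part of the FBI guidance or the original article: `abc_company.com` is the article's illustrative domain, while the character-folding table, the distance threshold and the sample headers in the test data are constructed assumptions.

```python
from email.utils import parseaddr

# The article's illustrative company domain; replace with your real domains.
LEGIT_DOMAINS = {"abc_company.com"}

# Assumed folding of commonly swapped characters (constructed, not exhaustive).
FOLD = str.maketrans({"0": "o", "1": "l", "5": "s", "_": "-"})


def skeleton(domain):
    """Reduce a domain to a canonical form so visual near-twins compare equal."""
    folded = domain.lower().translate(FOLD)
    return folded.replace("rn", "m").replace("vv", "w")


def edit_distance(a, b):
    """Levenshtein distance: insertions, deletions and substitutions."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify_sender(from_header, legit=LEGIT_DOMAINS, max_distance=2):
    """Return 'legitimate', 'lookalike', 'external' or 'unparseable'."""
    _, addr = parseaddr(from_header)
    if "@" not in addr:
        return "unparseable"
    domain = addr.rpartition("@")[2].lower()
    if domain in legit:
        return "legitimate"
    for good in legit:
        # Flag either a visual twin or a domain only a few edits away.
        if skeleton(domain) == skeleton(good):
            return "lookalike"
        if edit_distance(domain, good) <= max_distance:
            return "lookalike"
    return "external"


def flag_lookalikes(from_headers):
    """Return the headers whose sender domain imitates a company domain."""
    return [h for h in from_headers if classify_sender(h) == "lookalike"]
```

Messages classified as `lookalike` are the ones to route for manual review before any payment change or transfer is acted on.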

There’s a lot you can do on an individual basis along these same lines. Using two-factor authentication, changing your passwords, verifying all transactions, checking all email links, and following other tips could help you avoid losing $46.7 million.


John Casaretto
Former Digital Trends Contributor
John is the founder of the security company BlackCert, a provider of SSL digital certificates and encryption products. A…