Be careful: An email from the CEO of your company could be fake.
The scam, known as “CEO fraud,” has claimed over $2 billion in funds and taken 12,000 victims globally, the Financial Times reported. It’s caused headaches for several companies, as firms often can’t recover the funds that have been diverted to offshore accounts.
The scheme involves a fraudster impersonating a company executive’s email address, and instructing an employee to wire money to a bank overseas, according to the Financial Times. In one email involving Ameriforge Group, a fraudster acting as the company’s CEO tells an employee that the transaction “takes priority over other tasks,” and is highly sensitive, so “only communicate with me through this email, in order not to infringe SEC regulations.”
And the scheme is growing at an alarmingly fast rate, the FBI said.
Between October 2013 and August 2015, roughly $1.2 billion was stolen by the group or groups behind the scheme. In the past six months alone, another $800 million was lost. That’s a growth of roughly 34%
Victims have lost on average $120,000, with the highest loss being $90 million.
In an August filing, Tech giant Ubiquiti Networks (UBNT) reported that the company lost roughly $46.7 million in funds after an outside entity impersonated an employee requesting funds from the finance department. Ubiquiti was able to recover $8.1 million, security blog KrebsonSecurity reported.
The FBI has yet to hone in on a single group or groups behind the scheme.
In the meantime, the FBI is suggesting that company’s double check the emailer’s identity, for example through a phone call.