We’ve talked about this kind of scheme before. The traditional scam starts with Company A, Company B and the fraudster who jumps in between the two. The scammer uses an email address almost identical to the one used by a business executive at Company A as he communicates with a vendor or customer at Company B. The scammer is trying to convince Company B to route a payment into the scammer’s personal bank account instead of the Company A account. Usually the businesses have a long-standing relationship, and a request to have a big-dollar invoice paid by wire transfer doesn’t raise any flags.
In some cases, the bad guy actually hacks into the email account of the CEO or CFO at a victim company. This allows him to get in to read, receive or send emails at will. As an added twist, he can set rules within the email account to automatically forward to himself any email that includes a particular keyword or is from a particular sender. The emails pass through the legitimate executive’s account in a virtual sense – but that executive may never even see them as they get deleted from his inbox immediately.
One of the biggest problems that we in law enforcement face in stopping these crimes is that people don’t report when they do realize they are victims – or they wait several weeks to report it. This time lag allows the bad guys to move and hide the money overseas before we even have a chance to stop the transaction through the banks.
So what can businesses do? Here are a few options:
If you have been victimized by this scam or any other online scam, contact the FBI immediately. You can file an online report at the FBI’s Internet Crime Complaint Center at www.ic3.gov or call your FBI local office.