It was recently announced that Interpol and Nigerian law enforcement, in a cooperative effort, arrested a Nigerian man considered by Interpol to be the mastermind behind a network of forty cybercriminals operating in Nigeria, Malaysia and South Africa who had been perpetrating Internet fraud and cybercrimes throughout the world. Estimates of the amount of money stolen by these cybercriminals are as high as sixty million dollars. Two of the primary scams operated by these criminals were the CEO email fraud and the business email compromise. I have written about both of these scams in previous Scams of the day. In the CEO email fraud, the scammers hack the email account of a CEO or other corporate executive and then send an email to someone who handles payments for the company, requesting that funds be wired into an account controlled by the scammers. In the other scam, the email account of a business is hacked and an email containing a bill is sent to one of that business’ legitimate customers with instructions to wire the money to an account controlled by the scammers. Earlier this year, the FBI, in a warning about these types of scams, said that over the last couple of years these scams have cost companies billions of dollars.
These scams are both sophisticated and quite simple. They are also relatively easy to defend against. Hacking an email account is not a terribly difficult thing to do, so whenever an email appears from someone in a corporation requesting that money be wired anywhere, a simple security measure is to not send any payment until the legitimacy of the transaction has been confirmed by phone or text message. As for bills from companies with which you do business, the key thing is not only to confirm the accuracy of bills before payments are authorized, but also to confirm, before sending out payments, particularly by way of wire transfers, that they are being sent to the bank account to which funds have been legitimately sent in the past. If the funds are being requested to be sent to a new or different bank account, the legitimacy of the billing should be confirmed before any payments are made.