“Business Email Compromise” (BEC) scams, since October 2013 have cost businesses around the world over $1.2 billion, the FBI said recently.
7000 US businesses have reported $747 million in losses, with an average loss of $130,000, the FBI said.
The scammers succeed by compromising legitimate email accounts throughsocial engineering or malware that steals account credentials.
The fraudsters then use access to email accounts to gather intelligence such as information about billing and invoices that won’t raise the suspicion of employees who send transfer payments.
FBI Special Agent Maxwell Marker said the scammers have become adept at imitating invoices and accounts, giving them a sophistication beyond any similar scam previously seen by the FBI.