Washington – An email scam which targets businesses with bogus invoices has netted more than $214 million from victims in 45 countries in just over one year, an FBI task force said Thursday.
The Internet Crime Complaint Center, a joint effort of the FBI and the nonprofit National White Collar Crime Center, said the losses were calculated from October 1, 2013 to December 1, 2014.
In the scheme, fake invoices are delivered to businesses which deal with overseas suppliers, asking for payment by wire transfer.
“The fraudulent wire transfer payments sent to foreign banks may be transferred several times but are quickly dispersed,” the task force said in a statement.
“Asian banks, located in China and Hong Kong, are the most commonly reported ending destination for these fraudulent transfers.”
The scam has claimed 1,198 US victims and 928 in other countries, according to the statement. US firms have lost more than $179 million of the total.
The FBI “believes the number of victims and the total dollar loss will continue to increase,” the statement said.
In one version of the scheme, a business which works with overseas supplier is contacted by phone, fax or email asking for payment. The emails are “spoofed” to look as if they came from the legitimate supplier. Phone and fax requests also appear genuine.
In another version, email accounts of high-level executives are compromised to allow the criminals to request a wire transfer, often including instructions to “urgently send” funds.
A third version of the scheme involves the hacking of an employee’s email account, which then sends out bogus invoices to vendors or suppliers.
The FBI task force said vulnerable businesses should avoid using free Web-based emails for official accounts and to exercise caution about posting company information on websites and social media.
The group also suggests additional security steps such as two-step verification or digital signatures.
“Always verify via other channels that you are still communicating with your legitimate business partner,” the statement said.
