Dramatic increase in email wire frauds
A recent “dramatic increase” in email wire frauds perpetrated against companies worldwide with funds being wired to accounts in Asian banks in Hong Kong and mainland China has been widely flagged on the internet. The US Federal Bureau of Investigation (FBI) has reported that between October 2013 and February 2016, there were 17,642 victims resulting in US$ 2.3bn in losses. This is a 270 percent increased in identified victims and exposed loss since January 2015.
The global law firm Dorsey and Whitney LLP say the figures “probably understate the dimensions of the problem”. “The BEC scams are occurring at an alarming rate and even large sophisticated companies are falling victim,” it states, in a report. Among the clues to look out for are: “email addresses from a known person which are from a different or unusual email account, bearing in mind that difficult-to-detect changes can be made to a legitimate e-mail address; and emails with unusually poor spelling and grammar.”
Emails can be compromised even with protections such as Office 365 Login because the end user is “human”, said Roshan Indragupta, Senior Information Security Engineer at Sri Lanka CERT. The attacks are usually through targeted phishing emails or “spear fishing” attacks. “They happen mostly due to the lack of awareness of the user,” he explained
“All of a sudden, when they ready to place orders and pay the money, they receive an email requesting them to deposit it to a different account,’ he said, saying similar frauds were reported in the past three years targeting businesses doing transactions with foreign parties.
There have been instances where hackers have changed the settings so that emails sent to a particular account are copied to the hacker’s email account so that he or she is aware of the conversations and transactions taking place.
“A hacker can change the settings-and, in some cases, this has happened -- so that he can intercept the reply of a business partner overseas or send emails without the account owner knowing it,” Mr Indragupta said. “In this way, a third party will get to know exactly what is going on.”