FBI Warns Against Fraudulent E-mail Scheme

Orrick, Herrington & Sutcliffe LLP
Contact
LinkedIn
Facebook
X
Send
Embed

Companies should take notice of a new fraud scheme that has been making the rounds, targeting businesses that regularly make wire transfers.  Known as the "Business E-mail Compromise," or BEC, this scam targets employees responsible for wiring money, instructing them under false pretenses to wire large sums to fraudulent accounts.  The Federal Bureau of Investigation estimates that the scam has claimed over 2,000 victims and resulted in losses totaling nearly $215 million since October 2013. 

In one version of the BEC fraud, the e-mail accounts of high-level business executives (CEO, CFO, CTO, etc.) are compromised by the creation of spoof e-mail addresses.  The imposters then use the compromised executive's e-mail account to send a request for a wire transfer to a second employee within the company who is responsible for processing such requests.  This version of the scheme has been referred to as "CEO Fraud" or the "Business Executive Scam." 

In another variation of the scam, businesses which have a long-standing relationship with a particular suppliers or vendor (i.e. a landlord) receive a spoofed e-mail purportedly from that vendor directing the business to wire funds for invoice payment to an alternate, fraudulent account.  This version of the scheme has been referred to as "The Bogus Invoice Scheme" or "The Supplier Swindle."

Are you prepared to detect and prevent a BEC fraud? Asking yourself and your teams the following questions may help:

  • Have you educated your employees about these scams and encouraged them to be suspicious of unusual, urgent, and secret wire instructions?  You should!
  • Do you have a policy in place that requires employees with wire approval authority to escalate all requests to change a wire recipient's account information?  You should!
  • Do you have a policy in place that requires those same employees to escalate all requests to add a new wire recipient?  You should!
  • Do those policies apply to both external and internal requests?  They should!
  • Have you configured your company's e-mail servers to filter out or flag self-domain spoofing?  You should!  Check out Microsoft's "Best Practices Guide for Configuring EOP." 

More information about the fraud is available from the Internet Crime Complaint Center (IC3), a partnership of the FBI and the National White Collar Crime Center.

Send Print Report

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Orrick, Herrington & Sutcliffe LLP | Attorney Advertising

Written by:

Orrick, Herrington & Sutcliffe LLP
Orrick, Herrington & Sutcliffe LLP
Contact
more
less

PUBLISH YOUR CONTENT ON JD SUPRA NOW

  • Increased visibility
  • Actionable analytics
  • Ongoing guidance

Orrick, Herrington & Sutcliffe LLP on:

Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
Sign Up Log in
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
- hide
- hide