FBI: CEO spoofing has cost businesses $2.3bn in under three years

The FBI has issued a warning over a massive increase in business email scams or ‘whaling attacks’, which have cost businesses a staggering $2.3bn in losses in under three years.

According to the FBI, there has been a 270 percent increase in victims that have reported “business email compromise” losses to the bureau since January 2015.

Victims of whaling attacks typically lose huge sums of cash and this is reflected in the FBI’s updated figures.

The FBI in August 2015 reported that businesses had lost $1.2 billion to the scam since October 2013. As of February 2016, reported financial losses have risen to $2.3bn for the period. The number of reports from victims has more than doubled since August from 8,179 to 17,642 in February.

While it's unclear who is behind these attacks and what their nationality is, according to the FBI's figures, most of the transfers are going to banks located within China and Hong Kong. That may be because, as an Associated Press report highlighted last month, China is emerging as an international hub for money laundering.

Whaling attacks typically involve setting up a bogus email account that appears similar to that of a senior business figure, such as the CEO, at a company. The attacker then emails a financial controller with urgent instructions to wire a transfer to a known supplier. The attackers typically target businesses that work with foreign suppliers.

In March, the Associated Press reported that a senior finance officer at toy-maker Mattel was tricked into wiring over $3 million to a bank in China after the officer received an email, supposedly from the CEO, requesting the transfer be made. The company was luckily able to stop the transfer before it reached the attacker’s account.

The latest FBI update on the scam comes from its Phoenix, Arizona office. According to that office, the average loss per victim in Arizona is between $25,000 and $75,000, though there are numerous cases where losses exceed these amounts.

As krebsonsecurity.com reports, a US maker of networking equipment reported losing $46m in a whaling attack in 2015, while a commodities trader lost $17.2m.

The FBI’s advice to businesses is to be cautious of email requests to wire money and, if the request is to send funds to a business partner, to call the business partner first. Anyone with access to the company purse strings should also be wary of spoofed email addresses.
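As an added illustration (not from the FBI or the original article), the check below shows how a mail filter could flag the pattern described above: a sender address that merely resembles the company's, or an executive's name on an unfamiliar address, combined with a payment request. The company domain, executive directory and keyword list are constructed assumptions.

```python
from email.utils import parseaddr

# Constructed sample data: hypothetical company domain and executive directory.
COMPANY_DOMAIN = "example-corp.com"
EXECUTIVES = {"jane doe": "jane.doe@example-corp.com"}
PAYMENT_WORDS = ("wire", "transfer", "payment", "invoice")


def edit_distance(a, b):
    """Levenshtein distance, used to spot near-miss sender domains."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # deletion
                           cur[j - 1] + 1,             # insertion
                           prev[j - 1] + (ca != cb)))  # substitution
        prev = cur
    return prev[-1]


def check_sender(from_header, subject=""):
    """Return the reasons a message looks like CEO spoofing (empty if none)."""
    name, addr = parseaddr(from_header)
    addr = addr.lower()
    domain = addr.rpartition("@")[2]
    reasons = []
    # A domain one or two edits away from the real one is a lookalike.
    if domain != COMPANY_DOMAIN and edit_distance(domain, COMPANY_DOMAIN) <= 2:
        reasons.append("lookalike-domain")
    # An executive's display name must arrive from that executive's address.
    known_addr = EXECUTIVES.get(" ".join(name.lower().split()))
    if known_addr and addr != known_addr:
        reasons.append("executive-name-wrong-address")
    # A payment request only escalates a sender that is already suspicious.
    if reasons and any(w in subject.lower() for w in PAYMENT_WORDS):
        reasons.append("payment-request")
    return reasons


if __name__ == "__main__":
    # Constructed sample headers.
    for hdr, subj in [('"Jane Doe" <jane.doe@example-corp.com>', "Q3 numbers"),
                      ('"Jane Doe" <jane.doe@examp1e-corp.com>', "Urgent wire transfer")]:
        print(hdr, "->", check_sender(hdr, subj))
```

A message that returns any reason is a candidate for the call-back verification the FBI recommends before funds are released.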


Tags: hacking, cyber crime, attacks, CEO, Associated Press, theft, Mattel, financial data, bogus updates, spoofing, networking equipment, e-mail attacks, whaling attack, Liam Tung
