Boss Asking for Wired Money? It Could Be a Scam

impersonating-CEOS

It’s much easier to steal $1 million from one person than $1 from a million people, so naturally that’s where identity thieves have taken their “industry.” Small-dollar credit card fraud is old, tricking corporations into wiring millions of dollars overseas is in.

At the root of the latest scariest trend in identity fraud is a new twist on an old scam routine: impersonation. But in this con criminals aren’t impersonating a teenager in trouble to trick Grandma into wiring $1,000. They are impersonating executives with urgent requests to pay multi-million-dollar invoices. The scam works because employees naturally want to please their boss.

How the Scam Works

“Glen, I have assigned you to manage file T521,” read one such message sent by a scammer impersonating an executive. It was provided by the American Institute of Certified Public Accountants (AICPA) in a recent report on this kind of fraud.

“This is a strictly confidential financial operation, which takes priority over other tasks,” the message continued. “Have you already been contacted by [name of person and company]? This is very sensitive, so please only communicate with me through this email, in order for us not to infringe SEC regulations. Please do not speak with anyone by email or phone regarding this.”

Thirty minutes later, the “executive” convinced the employee to make an upfront payment toward an acquisition in China. “Glen” wired $480,000, and didn’t become suspicious until the “boss” asked for a second payment worth millions.

In professional circles, the crime goes by the pedantic name “business email compromise,” but there’s nothing bland about the trend. Reports of the crime to the FBI’s Internet Crime Complaint Center have soared — from 1,198 incidents during 2013 to a total of almost 16,000 in the FBI’s most recent report in 2014. Worse yet, losses have grown 1,300% since January 2015, to almost $1 billion.

Individual firms have been hit hard. One technology company reported in an SEC filing last year that it had been hit by a con that led to “transfers of funds aggregating $46.7 million.”

In its report, the AICPA said the scam is so successful because criminals do a lot of legwork to prepare.

“Cybercriminals conduct extensive research online to mimic a company’s email protocols, design and structure. They monitor social networks to target employees who have a working relationship with the senior executive attributed to the fake email,” the report said. “It’s all meant to be plausible enough to persuade the employee to be responsive to the senior executive’s request and to bypass the controls associated with a wire transfer.”

Other elements that make the crime work so well, according to the report:

  • The email address is substantially similar to the purported sender’s address, with very minor, subtle differences. The email display name may appear correct, but when the cursor hovers over the email address, a different underlying address is displayed. For example, if the actual address is CEO@victimco.com, the impersonator address might be CEO@vicitmco.com. (Note the misspelled domain.)

  • Requests occur when the executive is traveling and cannot be contacted.

  • There is an element of urgency or secrecy regarding the disbursement.

  • The amount is within the normal range of transactions so as not to arouse suspicion.

  • Other employees are referred to or copied in the email, however, their email addresses are also modified.

Executive ID theft can take two main forms, the report says. In the first, an employee receives a rather panicky email from a supervisor saying a transaction must be ordered immediately to complete some kind of secret business deal. In the second form, dubbed “strong-armed vendor request,” a criminal pretends to be a vendor with an outstanding invoice — often based on a real invoice. The criminal then asks the payment be redirected to an account they control.

“The fraudulent email contains a PDF file of an invoice that appears to be from the trusted supplier, and the email text and header information appear to contain the hallmarks of an actual business communication from the supplier,” the report said.

At its core, business email compromise is the same old internet scam: There’s the usual time pressure technique, designed to confuse targets so they drop their guard, and the usual irrevocable payment method, such as a wire transfer.

“This sophisticated type of cyberattack is stealing millions of dollars from companies in a manner that should be particularly concerning to company stakeholders because it persuades employees to ignore internal controls,” said Annette Stalker, owner of Stalker Forensics and chair of the AICPA’s Forensic and Litigation Services Committee. “Executive impersonation bypasses the security systems that company IT departments have put in place to neutralize cyberattacks by going where companies and their employees are most vulnerable: their email systems.”

How to Protect Yourself

The time-tested internet fraud advice still holds true: If you ever feel unusual pressure from someone to make any kind of payment, back away from the computer and take a stroll around the block. Hit the pause button. Nearly all scams would fail if victims didn’t bow to time pressure that criminals utilize as their tool of choice. And stick to procedure when making payments, be they $10 credit card transactions to buy a pair of winter gloves or $10 million payments to overseas vendors. Don’t let someone talk you into doing an end-around — such as a one-time wire transfer to a new account — when you are dealing with money. Pauses and procedures are your best fraud-fighting tools.

If you do fall victim to a scam and your personal information is compromised, be sure to keep an eye on your credit, as this can indicate possible fraud. A sudden drop in credit scores, for instance, is a big sign that your identity has been stolen as are mysterious credit inquiries on your credit report. You can view a free snapshot of your credit report, updated every 14 days, on Credit.com.

Image: monkeybusinessimages

The post Boss Asking for Wired Money? It Could Be a Scam appeared first on Credit.com.

The Top Scams of 2015

pay_credit_card_phone

Scams cost consumers more than $1 million this year, according to a roundup of reports by the Better Business Bureau. Since that figure only accounts for incidents reported to the BBB, actual losses may be even greater. The good news is 85% of consumers who reported these scams realized what was going on before it was too late.

Then again, the best defense against scams is to know the signs. Most scams on the BBB’s list happened over the phone and involved asking consumers to pay for something they shouldn’t, such as winning a sweepstakes. Here are the 10 most common scams reported to the BBB this year.

1. Back Taxes

Reports this year: 2,413
Percentage of all reports: 24%

Someone claiming to be from the IRS calls saying you owe back taxes and must pay immediately. They may demand payment by money transfer or prepaid debit card. The first sign it’s a scam? The IRS never calls.

2. Debt Collection Scammers

Reports this year: 835
Percentage of reports: 8.3%

Here, someone calls saying you have an unpaid debt and could face wage garnishment, lawsuits or jail time. But even legitimate debt collectors can’t make threats. If you have debts in collection, know your rights so you can deal with the issue. (Here are a few tips for spotting a debt collection scammer.)

3. Sweepstakes, Prizes & Gifts

Reports this year: 811
Percentage of reports: 8%

Someone calls, emails or writes to say you’ve won a prize and need to pay delivery fees. But winning a contest you didn’t enter should be a red flag, and you shouldn’t pay for something you’ve won, the BBB says.

4. Tech Support Calls

Reports this year: 608
Percentage of reports: 6%

Someone calls to say they’ve detected a virus on your computer. They request remote access, perhaps for a fee, when all they want is to look through your data.

5. Government Grants

Reports this year: 574
Percentage of reports: 5.7%

You receive a phone call saying you’ve won a government grant and need to pay processing fees. Of course, the victim wires the money only to never receive the grant.

6. Advanced Fee Loans

Reports this year: 388
Percentage of reports: 3.8%

While researching loans online, you come across an ad and click for more info. After sending the application, someone calls or emails to say you’ve been approved — that is, if you send money. Not only do you lose the money (and the loan), you’ve just given a thief your personal info, exposing yourself to identity theft. A criminal can use that info to open new accounts in your name. You can spot these new accounts by monitoring your credit. You can get your free annual credit reports at AnnualCreditReport.com and you can check your credit scores for free every month on Credit.com to spot signs of this type of fraud.

7. Credit Cards

Reports this year: 306
Percentage of all reports: 3%

Someone posing as your credit card issuer calls to say you qualify for lower interest rates, you just need to “confirm your account details” and then that info is used to perpetrate fraud.

8. Work-From-Home Scams

Reports this year: 261
Percentage of all reports: 2.6%

You find a job online that lets you earn lots of money from home. Sound too good to be true? It is. Research whoever you work with, because your info could be stolen. You could send your resumé only to never hear back, or worse, get involved in a bad business.

9. Fake Checks/Money Orders

Reports this year: 242
Percentage of all reports: 2.4%

Someone sends a check or money order for more than he owes, and asks you to pay back the difference. By the time you’ve sent payment, the first check has bounced.

10. Lottery ‘Winnings’

Reports this year: 241
Percentage of all reports: 2.4%

A phone call, letter or email says you’ve won a lottery, but need to pay taxes in order to receive the lump sum.

Things to Remember

Common sense will help you avoid losing money or having your identity stolen. But never be too careful: Don’t share personal info. with strangers, especially if they contact you first, and research everyone you do business with. Fraud and identity theft not only cost money, they can damage your credit. Make a habit of reviewing your credit scores for signs of fraud, which you can do for free every 30 days on Credit.com.

More Money-Saving Reads:

Image: iStock

The post The Top Scams of 2015 appeared first on Credit.com.