Dive Brief:
- The FBI issued a new public-service announcement this week warning businesses that "CEO fraud" is on the rise, with losses exceeding $3 billion since October 2013.
- The PSA also contained complaint information from the Internet Crime Complaint Center (IC3), which said it has received 15,688 reports from victims of "CEO fraud" in the U.S. and globally since January 2015, with losses totaling more than $1 billion.
- IC3 said businesses and associated personnel using open source e-mail accounts are predominantly targeted.

Dive Insight:
CEO fraud refers to phishing attacks that skillfully mimic an email from an employee’s manager or executive requesting a funds transfer or similar activity. Some even refer to phishing for high-profile targets as "whaling."
While security companies continue to build products that can prevent these types of attacks in the workplace, education around email security must be a cornerstone for all enterprises because hackers have become increasingly shrewd. Human error, paired with corporate cultures that sometimes fail to prioritize cyber education, is often the culprit when businesses fall victim to phishing attacks. IC3 recommends that personnel who receive requests for money from a CEO, CFO or other executive call the executive to confirm the request.
In April, the FBI said it had seen a 270% increase in so-called CEO scams since January 2015.
"The scam has been reported by victims in all 50 states and in 100 countries. Reports indicate that fraudulent transfers have been sent to 79 countries with the majority going to Asian banks located within China and Hong Kong," IC3 said.
On March 1, Seagate Technology gave up the 2015 W-2 forms of all its current and former U.S.-based employees in a phishing scam. The week before, Snapchat revealed it was also the victim of a phishing scam when an employee released company payroll information to an attacker pretending to be CEO Evan Spiegel.