Skip to main content
close search
site logo
Dive Brief

Impersonation schemes cost companies $2.3 billion, FBI says

Published April 7, 2016
By
Contributing Editor
Fotolia

Dive Brief:

  • The FBI posted an alert this week warning about phishing attacks that skillfully mimic an email from an employee’s manager or executive requesting a funds transfer or similar activity.

  • The alert said the FBI has seen a 270% increase in so-called CEO scams since January 2015.

  • The FBI estimates these crimes have cost organizations more than $2.3 billion in losses over the past three years.

Dive Insight:

The FBI estimates the average organization loses an average of between $25,000 and $75,000 in a CEO scam.

According to KrebsOnSecurity, the fraud typically begins with hackers either phishing an executive and gaining access to that individual’s inbox, or emailing employees from a domain name very similar to the target company’s real domain.

Because they look like real emails and are sent only to specific individuals, CEO scams usually don’t set off company spam traps. And, the hackers involved often study a company carefully to understand its business and activities so that funds request looks very legitimate.

Several high-profile companies have been hit with CEO scams in the last several months. Toymaker Mattel was the victim of a phishing scam last year that almost cost the company $3 million, according to the Associated Press. A financial executive accepted a request to wire $3 million to a bank in China for a new vendor payment. Later, realizing the request was a scam, the company jumped to stop the request, but the money already was in China. Luckily, the day after the attacks was a banking holiday in China and Mattel was able to recover the funds.

On March 1, Seagate Technology gave up the 2015 W-2 forms of all its current and former U.S.-based employees in a phishing scam. The week before, Snapchat revealed it was also the victim of a phishing scam when an employee released company payroll information to an attacker pretending to be CEO Evan Spiegel.

While security companies continue to build products that can prevent these types of attacks in the workplace, education around email security must be a cornerstone for all enterprises because hackers have become increasingly shrewd. Human error – paired with corporate cultures that sometimes fail to prioritize cybersecurity education – are often the culprits when businesses fall victim to phishing attacks.

Recommended Reading

Filed Under: Security

Editors' picks

Company Announcements

View all | Post a press release
PointFive is Apparently the Hottest Cloud Startup, Here is Why
From Jordan Mitchell
November 21, 2024
New Research Reveals AI's Impact on IT's Power, Status, and Pay
From 1E
November 21, 2024
TrustNet Named 2024’s Best Compliance Advisory and Audit Firm at CDM’s Annual Top InfoSec Inno…
From TrustNet
November 06, 2024
Graphiant Predicts Transformative Changes in Enterprise Connectivity and Data Assurance for 20…
From Graphiant
November 20, 2024
Editors' picks
Latest in Security
image/svg+xml
Industry Dive is an Informa business
© 2024 Industry Dive. All rights reserved. | View our other publications | Privacy policy | Terms of use | Take down policy.
Cookie Preferences / Do Not Sell