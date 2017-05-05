(Adds comment from cyber security expert)
By Alastair Sharp
May 5 Attempts at cyber wire fraud globally, via
emails purporting to be from trusted business associates, surged
in the last seven months of 2016, the U.S. Federal Bureau of
Investigation said in a warning to businesses.
Fraudsters sought to steal $5.3 billion through schemes
known as business email compromise from October 2013 through
December, the FBI said in a report released Thursday by its
Internet Crime Complaint Center.(bit.ly/2qAEVBE)
The figure is up sharply from the FBI's previous report
which said thieves attempted to steal $3.1 billion from October
2013 through May 2016, according to a survey of cases from law
enforcement agencies around the world.
The number of business-email compromise cases, in which
cyber criminals request wire transfers in emails that look like
they are from senior corporate executives or business suppliers
who regularly request payments, almost doubled from May to
December of last year, rising to 40,203 from 22,143, the FBI
said.
The survey does not track how much money was actually lost
to criminals.
Robert Holmes, who studies business email compromise for
security firm Proofpoint Inc, estimated the incidents
collated by the FBI represent just 20 percent of the total, and
that total actual losses could be as much as double the figures
reported by the FBI.
The losses are growing as scammers become more
sophisticated, delving deeper into corporate finance departments
to find susceptible targets, he said.
"This is not a volume play; it's a carefully researched
play," he said.
The United States is by far the biggest target market,
though fraudsters have started to expand in other developed
countries, including Australia, Britain, France and Germany,
Holmes said.
The FBI has said that about one in four U.S. victims respond
by wiring money to fraudsters. In some of those cases,
authorities have been able to identify the crimes in time to
help victims recover the funds from banks before the criminals
pulled them out of the system.
The U.S. Department of Justice said in March that it had
charged a Lithuanian man with orchestrating a fraudulent email
scheme that had tricked agents and employees of two U.S.-based
internet companies into wiring more than $100 million to
overseas bank accounts.
Fraudsters have also used spoofed emails to trick corporate
workers into releasing sensitive data, including wage and tax
reports, according to the advisory.
(Reporting by Alastair Sharp in Toronto; Editing by Bernadette
Baum and Lisa Shumaker)