FBI to Remote Workers: Be Careful of This Easy-to-Miss, Costly Scam

pcmag.com:

Ransomware and data breaches may get all the attention, but the FBI is warning that scammers have been busy exploiting another kind of fraud: business email compromise (BEC) attacks.

The FBI today issued an alert about BEC attacks, which estimates exposed losses of $43 billion from companies across the globe since 2016, meaning actual and attempted losses. 

These schemes often involve a scammer either trying to take over the official email account of a CEO or high-ranking executive or impersonating them (or a trusted supplier) through a spoofed email account. The culprit will then message the company’s accounting staff and request a large transfer of funds—thousands or sometimes millions of dollars. An unsuspecting employee might fall for the trick and mistakenly send the money to the scammer’s bank account.

Although BEC attacks are nothing new, the FBI is warning the scams continue to “grow and evolve,” and can involve targeting major corporations, small businesses, and personal transactions. Lately, BEC scammers are quickly laundering the stolen funds by converting them into cryptocurrency. 

“Between July 2019 and December 2021, there was a 65% increase in identified global exposed losses, meaning the dollar loss that includes both actual and attempted loss in United States dollars,” the agency added. “This increase can be partly attributed to the restrictions placed on normal business practices during the COVID-19 pandemic, which caused more workplaces and individuals to conduct routine business virtually.”

The FBI also decided to quantify the impact of BEC scams since 2016 by looking at law enforcement reports and filings from financial institutions. In total, the agency counted 241,206 incidents connected to BEC