Advanced Phishing Scam Targets CEOs, CFOs for Phony Cash Transfers
NEWS ANALYSIS: Social engineering is a major factor in the success of a sophisticated new fraud that's already resulted in the theft of millions from U.S. corporations.

The email that Michael Becce shared with me certainly looked real. In the message he appeared to ask the CFO of the corporation he runs to send a large, but not unusually large, wire transfer to a bank. "I need you to do a wire of 28,500USD to the attached account. Kindly let me know as soon as transfer is done and send me a transfer confirmation in reply," the email said, and concluded, "Awaiting your reply." Attached to the email was a wire transfer form with an account at a Chinese bank.

Becce, who is CEO of MRB Public Relations, said that the payment might have gone through but for a couple of reasons, notably that the CFO in his company is also his wife, who knew that he would have said something about such a transfer rather than simply using an email. In addition, the signature block used the company's previous address, not the current one.

Other companies haven't been so lucky. Bonnier Corporation, publishers of a number of lifestyle publications including Popular Science, Scuba Diving and Flying, also received such an email, but in this case the amount was much larger.
Shortly after the Bonnier fraud took place, the U.S. government issued a warning. According to a notice from the Financial Services Information Sharing and Analysis Center, working with the FBI and U.S. Secret Service, this kind of business email compromise (BEC) is making a sudden jump in popularity.
"BEC is a type of payment fraud that involves the compromise of legitimate business email accounts for the purpose of conducting an unauthorized wire transfer," the government's statement says.
The way it works is that the accounting or finance department of a corporation receives an email from someone who appears to be the company's CEO, directing payment by wire transfer to a bank account. The email usually says that the need is urgent and highly confidential, and it directs immediate payment without further authorization. Normally, the email appears to come from the CEO's company address.
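A finance team can screen for the pattern described above before any payment is released. The following is an added example, not code from the article or from any agency it cites: it flags mail from an executive address that asks for a wire and records the other signs mentioned in this piece (urgency, confidentiality, reply-only confirmation, an attached wire form, an out-of-date signature address). The names `EXECUTIVES` and `PREVIOUS_ADDRESSES`, the `example.com` addresses and the sample messages are assumptions constructed for illustration.

```python
import re
from email.message import EmailMessage
from email.utils import parseaddr

# Assumed, hypothetical values; a real deployment would load them from HR/finance records.
EXECUTIVES = {"ceo@example.com"}
PREVIOUS_ADDRESSES = ["10 Old Road"]

INDICATORS = {
    "wire_request": re.compile(r"\bwire\b", re.I),
    "urgency": re.compile(r"\burgent|\bimmediate|\bas soon as\b", re.I),
    "confidential": re.compile(r"\bconfidential", re.I),
    "reply_only_confirmation": re.compile(r"confirmation in reply|awaiting your reply", re.I),
}

def review(msg):
    """Return (decision, sorted indicator names) for a parsed EmailMessage."""
    sender = parseaddr(msg["From"])[1].lower()
    part = msg.get_body(preferencelist=("plain",))
    body = part.get_content() if part else ""
    hits = {name for name, rx in INDICATORS.items() if rx.search(body)}
    if any(re.search(r"wire|transfer", a.get_filename() or "", re.I)
           for a in msg.iter_attachments()):
        hits.add("wire_form_attached")
    if any(addr.lower() in body.lower() for addr in PREVIOUS_ADDRESSES):
        hits.add("stale_signature_address")
    # The From address may look fully legitimate, so an executive wire request
    # is never released on the email alone: it is held for a phone callback.
    hold = sender in EXECUTIVES and "wire_request" in hits
    return ("hold_for_callback" if hold else "deliver", sorted(hits))

def sample(body, attach=False):
    """Build a constructed test message (not a real capture)."""
    m = EmailMessage()
    m["From"] = "Chief Executive <ceo@example.com>"
    m["To"] = "cfo@example.com"
    m["Subject"] = "Request"
    m.set_content(body)
    if attach:
        m.add_attachment(b"%PDF-constructed", maintype="application",
                         subtype="pdf", filename="wire_transfer_form.pdf")
    return m

SUSPICIOUS = sample(
    "I need you to do a wire of 28,500USD to the attached account. Kindly let me "
    "know as soon as transfer is done and send me a transfer confirmation in reply.\n"
    "Awaiting your reply.\n\nChief Executive\n10 Old Road\n", attach=True)
BENIGN = sample("Can we move Thursday's budget review to 3pm?\n")
```

The decision depends only on who appears to be asking and what is being asked; the remaining indicators are returned so a reviewer can see why the message was held.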