Targeted scams that cause organizations to redirect payments are resulting in billions of dollars in losses each year, and recovery of those lost assets is often very difficult. In April 2019, for example, a church in Ohio was scammed out of $1.75 million after it came to light that it had been paying construction fees into a fraudulent account. In the UK, a Glaswegian law firm is suing one of its own employees after she paid almost £200,000 [$250,000] to scammers under instruction by someone pretending to be the firm’s managing director.
Often a far cry from the 419 scams of old, scamming groups such as London Blue have become increasingly adept at infiltrating and hijacking payment processes. They conduct reconnaissance on CFOs and other financial roles and send highly targeted phishing emails, before impersonating senior business leaders and demanding payments are made.
According to the FBI’s latest IC3 report, financial losses due to scams such as business email compromise (BEC), extortion, tech support fraud and payroll diversion totaled more than $2.7 billion across the 350,000 complaints it received in 2018. Given that many cybercrimes go unreported, the true figure is likely much higher.
In the UK, a Proofpoint report suggested that over three-quarters of companies had suffered at least one BEC attack in the last year, with just under 40% being targeted multiple times. Data from Lloyds Bank and Get Safe Online found that one in five companies hit by a successful BEC attack has had to make redundancies because of the financial impact.
However, it is sometimes possible to recover lost assets in such situations. The IC3 report also says that the FBI’s Recovery Asset Team (RAT) – set up to help recovery of money sent under false pretenses such as BEC attacks – helped recover $192 million of the $257 million that was lost to domestic accounts …