Organized phishing scams target businesses | Better Business Bureau

Better Business Bureau serving Alaska, Oregon and Western Washington has been alerted to recent cyber threats against local Alaska businesses. Many of these attacks are considered “spear phishing” – email scams where organized criminals research and target specific businesses. According to the FBI, total losses are estimated to be almost $800 million from October 2013 through August 2015. A local cyber security firm estimates that 37,000 businesses countrywide could be victims of these spear phishing attacks.

Scammers target businesses by sending spoofed emails, appearing to originate from company CEOs, requesting information such as access codes and passwords or giving approval to pay attached invoices. According to a local cyber security expert, “the more advanced attackers are buying domains with similar names to existing companies to trick people into believing they are emailing legitimate employees.” These domain names often look exactly like that of a legitimate company, but with an extra letter or period that might not be obvious at a cursory glance.

The fraudulent emails ask the Chief Financial Officer or Controller to wire money for payment to a vendor. Attached to the email is an invoice with payment terms, wire transfer instructions and directions to notify the “CEO” when the transfer is complete. Once the funds are received, the scammers empty the account.

These types of scams have cost businesses significant amounts of money – sometimes in the millions. To help prevent these scammers from succeeding, BBB recommends:

  • Proper controls. Ensure there are proper controls on financial transactions and accounts payable. Consider two-party procedures for larger payments.
  • Education. Develop security policies and protocols. Make sure all employees are trained to recognize possible phishing scams and to be vigilant when clicking on links or attachments to emails.
  • Brand protection. Purchase domains with similar names to protect company branding.
  • Beware of what you share. Scammers research social media sites to find information that they will use to gain access to protected data. They may also attempt to obtain company information by calling to conduct a survey or impersonating a company vendor.
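
The lookalike sender domains described above (a legitimate name with an extra letter or period) can also be flagged automatically before a message reaches the finance team. The following Python is an added example, not BBB material; `examplecorp.com`, the function names and the sample headers are constructed assumptions, and the check goes slightly beyond the text by also catching one-character substitutions and deletions.

```python
from email.utils import parseaddr

LEGIT_DOMAIN = "examplecorp.com"  # constructed placeholder for the company's real domain

def levenshtein(a, b):
    """Number of single-character inserts, deletes or substitutions turning a into b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def sender_domain(from_header):
    """Domain of the address in a From: header, ignoring the display name."""
    _, addr = parseaddr(from_header)
    return addr.rpartition("@")[2].lower().rstrip(".") if "@" in addr else None

def classify(from_header, legit=LEGIT_DOMAIN, max_edits=1):
    """Return 'internal', 'lookalike', 'external' or 'unparseable' for a From: header."""
    dom = sender_domain(from_header)
    if not dom:
        return "unparseable"
    if dom == legit or dom.endswith("." + legit):
        return "internal"
    # Compare the whole domain (catches an inserted period) and its last labels
    # (catches a lookalike placed behind a subdomain such as mail.<lookalike>).
    tail = ".".join(dom.split(".")[-len(legit.split(".")):])
    if min(levenshtein(dom, legit), levenshtein(tail, legit)) <= max_edits:
        return "lookalike"
    return "external"

# Constructed sample headers, not taken from any real incident.
SAMPLES = [
    'Pat Lee <pat.lee@examplecorp.com>',
    '"Pat Lee, CEO" <pat.lee@examplecorpp.com>',
    '"Pat Lee, CEO" <pat.lee@example.corp.com>',
    'Vendor Billing <ar@unrelated-vendor.net>',
]

def scan(headers=SAMPLES):
    """Classify each header; 'lookalike' results warrant a hold and out-of-band check."""
    return [(h, classify(h)) for h in headers]

if __name__ == "__main__":
    for header, verdict in scan():
        print(f"{verdict:10} {header}")
```

A "lookalike" verdict is a reason to hold the message and confirm the request by phone, in line with the two-party procedure recommended above.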

Better Business Bureau has recently entered into a collaborative relationship with the National Cyber Security Alliance to educate consumers and businesses about potential cyber threats and managing online security. For more information and resources to protect your business and personal online security, visit www.bbb.org/cybersecrity.

Help us investigate and warn others about fraud by reporting what you know at BBB’s Scam Tracker.