Computer News & Safety – Harry Waldron Rotating Header Image

July 16th, 2018:

FBI – Business email compromise of 12 billion dollars 2013-2018

The IC3 reports on an estimated $12 billion loss between 2013-2018 on a world wide basis as FBI reports below:

https://www.ic3.gov/media/2018/180712.aspx

This Public Service Announcement is an update and companion to Business E-mail Compromise (BEC) PSA 1-050417-PSA posted on www.ic3.gov. This PSA includes new Internet Crime Complaint Center (IC3) complaint information and updated statistical data for the time frame October 2013 to May 2018.

Business E-mail Compromise (BEC)/E-mail Account Compromise (EAC) is a sophisticated scam targeting both businesses and individuals performing wire transfer payments.  The scam is frequently carried out when a subject compromises legitimate business e-mail accounts through social engineering or computer intrusion techniques to conduct unauthorized transfers of funds.

The BEC/EAC scam continues to grow and evolve, targeting small, medium, and large business and personal transactions. Between December 2016 and May 2018, there was a 136% increase in identified global exposed losses. The scam has been reported in all 50 states and in 150 countries. Victim complaints filed with the IC3 and financial sources indicate fraudulent transfers have been sent to 115 countries.

Based on the financial data, Asian banks located in China and Hong Kong remain the primary destinations of fraudulent funds; however, financial institutions in the United Kingdom, Mexico and Turkey have also been identified recently as prominent destinations.

The following BEC/EAC statistics were reported to the IC3 and are derived from multiple sources, including IC3 and international law enforcement complaint data and filings from financial institutions between October 2013 and May 2018:

Domestic and international incidents: 78,617
Domestic and international exposed dollar loss: $12,536,948,299
Total U.S. victims: 41,058
Total U.S. victims: $2,935,161,457

Amazon – Beware of fake Prime Day 2018 deals

As Amazon Prime Day 2018 is underway with extensive discounted items, users should be very careful in handing email, ads, web searches, etc. ensuring these are genuine and not scams to lure victims into fraud, malware, or personal identity attacks.  Below is example from last year sharing very similar advice and to always affirm things at the main Amazon site before proceeding

https://www.inc.com/joseph-steinberg/amazon-customers-beware-this-scam.html

A new, realistic-looking phishing campaign is targeting Amazon customers. Criminals are sending mass emails that appear to have come from Amazon and thank recipients for making purchases on Amazon’s “Prime Day” back in July. The emails then invite recipients to go to the Amazon website to “write a review” and receive a special $50 “bonus” credit for doing so.

If users click the link in the email, however, they are routed to a criminal’s clone of the Amazon site – not the real Amazon.com – and if they enter their credentials (i.e., their usernames and passwords) when prompted, a criminal will gain access to their accounts. Additionally, it is possible that the rogue site may install malware on computers or mobile devices being used to access it.

The email that I received is realistic looking – it even contains manual instructions in case one does not want to click the first link. But within the manual instructions the link to Amazon.com also routes to a bogus site – so following those instructions is not any safer.

If you ever receive an email allegedly from Amazon asking you to take any action, the safest way to do so is to ignore any links in the email and instead enter https://www.amazon.com in your web browser. If you ever receive an email that you suspect is impersonating Amazon, you should also contact Amazon using the instructions on the site’s report-phishing page.