https://www.eweek.com/security/fbi-email-enterprises-scam

When the FBI released its 2018 Internet Crime Report on April 22, the very first of the report’s hot topics was one that should give business leaders reason to pause: Business Email Compromise. This is a type of scam that’s specifically aimed at businesses or other organizations that depend on employees’ unquestioning obedience to their supervisors.

The Business Email Compromise scam works like this: the criminals create an email that appears to be real and that directs someone in the target organization’s finance department to send a large payment, usually via a wire transfer, to an account owned by the criminals. But as you might expect, there’s a lot more to it than that.

First, the scammers pick out a victim. Normally it’s a company (or sometimes a non-profit) that has a large enough staff that there’s a hierarchy of responsibilities. Beyond that, the size of the business doesn’t necessarily matter, as demonstrated by the FBI statistics that show businesses of all sizes being targeted. Once the target organization is selected, the scammers go to work studying the operations and the staff of the company. They will use public information to determine who the senior executives are, what their contact information is and who reports to them.

Scammers Look for When Execs Travel

Next they will look for information, either public or in emails, to learn the movements of the organization’s senior executives. Then, normally when the CEO is traveling, they strike. “There’s usually an urgent email from the CEO or CFO asking for an immediate transfer of funds,” explains Colin Bastable, CEO of Lucy Security.