The FBI and the Internet Crime Complaint Center (IC3) are warning businesses about a growing scam that tricks them into paying invoices from what appear to be legitimate, established business partners but are in fact fraudulent.
The FBI says the scam is a tweak of the timeworn “man-in-the-middle” scam and usually involves chief technology officers, chief financial officers, or comptrollers receiving an e-mail via their business accounts, purportedly from a vendor, requesting a wire transfer to a designated bank account.
In the “man-in-the-e-mail” scam, e-mails are spoofed by adding, removing, or subtly changing characters in the e-mail address, making it difficult to distinguish the perpetrator’s e-mail address from the legitimate one. The scheme is usually not detected until the company’s internal fraud detection alerts victims to the request, or company executives talk to each other to verify that the transfer was made.
More recently, the IC3 says it has begun receiving related complaints from companies that were warned by their suppliers that the suppliers had received spoofed e-mails, sent in the company’s name, requesting quotes and/or orders for supplies and goods. These spoofed e-mails were sent to multiple suppliers at the same time. In some cases the e-mails could be linked by IP address to the original business e-mail compromise scam. Because this latest twist is relatively new, dollar losses have not been significant. In addition, victim companies have a better chance of discovering the scheme because the e-mails go to multiple suppliers, who often follow up with the company.
Based on analysis of the complaints, the scam appears to be Nigerian-based. Complaints filed contain little information about the perpetrators. However, subject information that was provided has linked to names, telephone numbers, IP addresses and bank accounts reported in previous complaints, which were tied over the years to traditional Nigerian scams, the IC3 stated.
In December, the FBI’s Seattle division warned that the fraud was hitting businesses in Washington state. In 2013, at least three area companies in Bellevue, Tukwila and Seattle were tricked into believing they were wiring money to established supply partners in China. In fact, the fraudsters intercepted legitimate e-mails between the purchasing company and the supply company and then spoofed subsequent e-mails, placing themselves between the two. The fraudulent e-mails instructed the purchasing company to send payments to a new bank account because of a claimed audit. That bank account belonged to the fraudsters, not the supply company, the FBI said.
Total loss experienced by the three area companies was roughly $1.65 million. The average dollar loss per victim is approximately $55,000, according to the IC3.
Some similarities found among the IC3 complaints include:
- Victims are generally from the United States, England and Canada, although there have been complaints from other countries such as Belgium.
- Victim businesses often trade internationally, usually through China.
- Victim businesses typically conduct high-dollar wire transfers, so requests for large amounts are not uncommon.
- Most, but not all, victims receive the fraudulent e-mail request through AOL, Gmail, or Hotmail addresses. A few companies have reported scammers were able to access the company’s internal server.
- Transactions were traced by the victim’s fraud department to mainly banks in China or Hong Kong. However, transactions with banks in South Africa, Turkey and Japan were also reported.
The FBI offers suggestions on how businesses can avoid being taken by this e-mail fraud:
- Establish other communication channels, such as telephone calls, to verify significant transactions. Arrange this second-factor authentication early in the relationship and outside the e-mail environment to avoid interception by a hacker.
- Utilize digital signatures in e-mail accounts. Be aware that this will not work with web-based e-mail accounts, and some countries ban or limit the use of encryption.
- Avoid free, web-based e-mail. Establish a company website domain and use it to establish company e-mail accounts in lieu of free, web-based accounts.
- Do not use the “Reply” option to respond to any business e-mails. Instead, use the “Forward” option and either type in the correct e-mail address or select it from the e-mail address book to ensure the real e-mail address is used.
- Delete spam: Immediately delete unsolicited e-mail (spam) from unknown parties. Do not open spam e-mail, click on links in the e-mail, or open attachments.
- Beware of sudden changes in business practices. For example, if you are suddenly asked to contact a representative at his or her personal e-mail address when all previous official correspondence has been on company e-mail, verify through other channels that you are still communicating with your legitimate business partner.
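The address manipulation described above (characters added, removed or swapped so a spoofed sender resembles a real vendor) is easy to check for mechanically. The following is an added illustration, not code from the FBI, the IC3 or this article: it flags invoice senders whose domain is within a couple of edits of a known vendor domain after folding look-alike characters, and separately flags the free webmail providers the IC3 cites. The vendor domain, homoglyph table and sample addresses are constructed.

```python
"""Flag sender addresses that resemble a trusted vendor domain after a few added,
removed or swapped characters, or that come from free webmail (constructed data)."""
import unicodedata

# Characters often swapped for look-alikes in spoofed domains (constructed table).
HOMOGLYPHS = {"0": "o", "1": "l", "3": "e", "5": "s", "8": "b", "vv": "w", "rn": "m"}
# Free webmail providers the IC3 says most fraudulent requests arrived from.
FREE_WEBMAIL = {"aol.com", "gmail.com", "hotmail.com"}


def normalize(domain: str) -> str:
    """Lower-case, strip accents, and fold look-alike characters to a canonical form."""
    folded = unicodedata.normalize("NFKD", domain.lower())
    folded = "".join(ch for ch in folded if not unicodedata.combining(ch))
    for src, dst in HOMOGLYPHS.items():
        folded = folded.replace(src, dst)
    return folded


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance: minimum single-character inserts, deletes and substitutions."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify_sender(address: str, trusted_domains: set, max_edits: int = 2) -> str:
    """Return 'trusted', 'free-webmail', 'lookalike' or 'unknown' for one From address."""
    domain = address.rsplit("@", 1)[-1].strip().lower()
    if domain in trusted_domains:
        return "trusted"
    if domain in FREE_WEBMAIL:
        return "free-webmail"
    for good in trusted_domains:
        if edit_distance(normalize(domain), normalize(good)) <= max_edits:
            return "lookalike"
    return "unknown"


# Constructed sample: one genuine vendor domain (.example TLD) and manipulated variants.
TRUSTED = {"acme-supply.example"}
SAMPLE_SENDERS = [
    "billing@acme-supply.example",   # genuine vendor address
    "billing@acme-supp1y.example",   # digit 1 substituted for letter l
    "billing@acmesupply.example",    # hyphen removed
    "acme.billing@gmail.com",        # request from free webmail
    "sales@unrelated.example",       # no resemblance to the vendor
]
```

Run over an export of invoice-request senders, anything marked lookalike or free-webmail is a candidate for the out-of-band telephone verification recommended above.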
Follow Michael Cooney on Twitter (@nwwlayer8) and on Facebook.