In the infancy of cybercrimes, scammers sent emails to inexperienced computer users that were often riddled with typos and language that suggested the sender was from outside the U.S.
Today’s scams, however, are sophisticated frauds that cost American businesses and individuals billions of dollars a year, federal investigators say.
Estimated losses have soared in recent years from scams known as business-email compromises, in which swindlers con victims into directing money into accounts controlled by criminals. In 2019, the Federal Bureau of Investigation received 23,775 complaints of business-email and email-account compromises, up from 20,373 the prior year.
Annual estimated losses increased too, rising from $1.2 billion in 2018 to more than $1.7 billion in 2019, the FBI said.
“Now the actors involved are a lot more sophisticated, and share intelligence and organized networks,” said Michael Driscoll, special agent in charge of the cyber-and-counterintelligence division of the FBI’s New York office.
Business-email scams first appeared on the bureau’s radar about a decade ago. Back then, the scams tended to be relatively simple, designed to imitate an email from a chief executive asking an employee to transfer money.
Over the years, the scams shifted.
Perpetrators targeted personal email addresses in 2014, pretended to be lawyers in 2015, then moved on to requests for tax information and targeting real-estate transactions.
One new iteration, federal officials said, involves fake requests to divert payroll funds. In this scam, someone in a business’s payroll or human-resources department receives an email purporting to be from an employee. The email asks to update direct-deposit information for that pay period, which then goes into an account controlled by a swindler.
The scams also have shifted from using spoofed emails, often sent from an address similar to one within the company, to the actual hacking of accounts, said an attorney who represents victims of the scheme.
“The email gets hacked, and the bad guys can step into the email threads,” said the attorney and former cybercrime prosecutor. “This is no longer a situation where some person who wasn’t paying close attention got duped.”
Source: Wall Street Journal