As a business owner you have probably seen your share of phishing and other email scams. You may even think you can spot just about any dangerous email.
Unfortunately, scammers are constantly refining their craft and the FBI says one of the latest versions – know as “whaling” or “business email compromise” has been phenomenally successful throughout the country and resulted in a three-year loss total of more than $2.3 billion.
Unlike many scams in which the same email is sent out to millions, the business email compromise targets business owners and top business executives specifically. In addition, the scammers find out information that is unique to the particular company that’s been chosen – everything from internal phone lines, to correct titles and language regularly used by company officials.
The email will often appear to come from a trusted vendor requesting a wire transfer – a request that is not unusual or not obviously out of line for that company, according to federal investigators.
Victims have come forward from every state in the U.S. and a total of 79 countries. While the scam has been around since 2013, the number of victims has increased by 270 percent since January 2015.
The FBI recommends all businesses implement policies that require multiple authorizations before any wire transfer is allowed. That authorization should include telephone confirmation.
The scammers are thought to be part of organized crime groups in Africa, Eastern Europe and the Middle East. Businesses of all types are potential targets, particularly if it is not unusual for that business to wire payments to suppliers overseas.
There are different versions of whaling, and in one version, the email account of a company owner is taken over and used to make wire requests to other employees of the company. In addition to adding a second layer of authorization, the FBI says any new bank account used by a supplier or customer should be scrutinized and confirmed.