Boss Scam Toll Reaches $2.3 Billion In Less Than 3 Years

In law enforcement, they call this scam the “Business Email Compromise.” We refer to it as the “Boss Scam” or “CEO Scam.” What happens is that someone contacts a person inside a business, pretending to be the chief executive officer or other boss-like person. They ask for one of two things: a wire transfer, or personal information about the employees under the real boss’s charge. Both scams are still going strong, and a new FBI report says that the scammers have taken at least $2.3 billion since 2013.

So far, the scam has been reported in 79 countries and all 50 U.S. states. Since tracking began in October 2013, from this scam alone, 17,642 victims report losses of $2.3 billion, for an average of $130,370 per incident. This is all relative, of course: some individual companies have lost millions.

Compromising employee income tax data doesn’t immediately cost anything, unless the employer offers identity theft protection as an apology.

While good spam filters are useful in keeping this kind of scam out of your company’s mailboxes, remember that a successful e-mail scam uses social engineering to get into your pockets. The e-mail address itself could look authentic: perhaps the message comes from bossmeg@c0nsumerist.com or bossmeg@consumer1st.com, a fake domain name that the scammer has registered.
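As an added illustration (not part of the original article or the FBI report), here is one way a mail gateway or a cautious finance team could flag sender domains that imitate the real one. The trusted domain, the confusable-character list and the distance threshold are assumptions chosen to fit the example addresses above.

```python
# Assumption: the organization's real mail domain, as in the article's example.
TRUSTED_DOMAINS = {"consumerist.com"}

# Assumption: a small set of look-alike substitutions; real deployments use larger tables.
CONFUSABLES = [("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l"), ("i", "l"), ("5", "s")]


def skeleton(domain):
    """Collapse visually similar characters so look-alike spellings compare equal."""
    s = domain.lower()
    for fake, real in CONFUSABLES:
        s = s.replace(fake, real)
    return s


def edit_distance(a, b):
    """Levenshtein distance: catches added, dropped or swapped letters."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify_sender(address, max_distance=2):
    """Return 'trusted', 'lookalike' or 'external' for a sender address."""
    domain = address.rsplit("@", 1)[-1].strip().lower().rstrip(".")
    for trusted in TRUSTED_DOMAINS:
        if domain == trusted or domain.endswith("." + trusted):
            return "trusted"
    for trusted in TRUSTED_DOMAINS:
        if skeleton(domain) == skeleton(trusted):
            return "lookalike"  # same shape after homoglyph folding
        if edit_distance(domain, trusted) <= max_distance:
            return "lookalike"  # near-miss spelling of the real domain
    return "external"


if __name__ == "__main__":
    # Constructed sample senders, including the two from the article.
    for sender in ["bossmeg@consumerist.com", "bossmeg@c0nsumerist.com",
                   "bossmeg@consumer1st.com", "bossmeg@consumerrist.com",
                   "vendor@example.org"]:
        print(f"{sender:30} {classify_sender(sender)}")
```

A "lookalike" result is a reason to quarantine the message or verify the request through a known phone number; it does not cover a genuinely compromised account on the real domain.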

FBI: $2.3 Billion Lost to CEO Email Scams [Krebs on Security]
FBI Warns of Dramatic Increase in Business E-Mail Scams [FBI]