The FBI and Internet Crime Complaint Center
(IC3) have issued a warning to businesses that a scam known as the
"Man-in-the-E-Mail" is escalating. Chief Technology Officers, Chief
Finance Officers and Comptrollers need to be most aware of this new scam and
are warned to implement a security system in order to protect their businesses
from being targeted.
The "Man-in-the-E-Mail" scam works in
such a way that a business will receive an email via a
business account that is purportedly from a well-known, commonly used vendor
requiring a wire transfer to a designated bank account. These emails, though,
come from spoofed addresses in which characters have been added, removed or
subtly changed from the original address. Many times these spoofed emails have gone
unnoticed until fraud detection alerts the victims or executives from each company talk to
each other to verify the transactions have been transferred and
completed.
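Because the spoofed addresses described above differ from the real vendor address only by added, removed or subtly changed characters, a mail filter can flag senders that are close to, but not identical to, a known vendor. The following is an added example, not part of the original article; the vendor addresses, function names and the distance threshold of 2 are assumptions.

```python
import unicodedata

# Constructed allow-list of vendor addresses the business really deals with.
KNOWN_VENDORS = {"billing@acme-supplies.example", "orders@northwind-parts.example"}

def normalize(addr):
    # Case-fold and apply NFKC so compatibility characters compare equal.
    return unicodedata.normalize("NFKC", addr).strip().casefold()

def edit_distance(a, b):
    # Optimal string alignment distance: one added, removed, changed or
    # swapped-with-neighbour character costs 1.
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            val = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb))
            if prev2 is not None and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                val = min(val, prev2[j - 2] + 1)  # adjacent transposition
            cur.append(val)
        prev2, prev = prev, cur
    return prev[-1]

def classify(sender, known=KNOWN_VENDORS, max_distance=2):
    """Return (verdict, closest_known); verdict is 'trusted', 'lookalike' or 'unknown'."""
    sender = normalize(sender)
    known = {normalize(k) for k in known}
    if sender in known:
        return "trusted", sender
    s_domain = sender.rpartition("@")[2]
    best = None
    for k in sorted(known):
        d_addr = edit_distance(sender, k)
        d_dom = edit_distance(s_domain, k.rpartition("@")[2])
        # Same domain: judge the whole address. Different domain: a near-miss
        # domain is suspicious even if the mailbox name is unrelated.
        d = d_addr if d_dom == 0 else min(d_addr, d_dom)
        if d <= max_distance and (best is None or d < best[0]):
            best = (d, k)
    return ("lookalike", best[1]) if best else ("unknown", None)

if __name__ == "__main__":
    for s in ["billing@acme-supplies.example", "billing@acrne-supplies.example",
              "orders@northwind-part.example", "newsletter@unrelated.example"]:
        print(s, "->", classify(s))
```

A "lookalike" verdict is a reason to hold the message and verify the request by phone, not proof of fraud.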
IC3 has received complaints from companies
that were alerted by their suppliers about spoofed e-mails received using the
company's name to request quotes and/or orders for supplies and goods. Luckily,
because this is relatively new and these emails are being sent to multiple
suppliers who follow up with the companies whose emails have been spoofed and
used to send out these requests, the companies have been able to discover the
scam before any major transfers or orders take place.
What the FBI and IC3
know so far is that the scams seem to be Nigerian based. They also know that
the fraudsters are intercepting legitimate emails between the purchase and
supply companies, which then can be taken and spoofed to impersonate each company’s
real addresses. Another tip to know is that these companies being scammed are
asked to send the wire transfer to a new bank account, usually to fraudulent
bank accounts in China, Hong Kong, South Africa, Turkey or Japan, due to a
"purported audit."
The IC3 has offered
tips to try and help businesses protect themselves from these scams:
-Make calls to ensure these are legitimate emails and requests being made.
-Utilize digital signatures in e-mail accounts.
-Use a website domain email account rather than a free web-based account.
-Do not hit reply when answering emails, but rather forward it and then type in the email address yourself.
-Delete all spam.
-Stay aware of any sudden changes in the company, including who you are still or no longer doing business with, and which companies are most commonly worked with etc.
These scams are typically
used against companies who commonly make very large transfers, so in order to
protect your business, heed this advice and make sure your business is safe!
To read the full article, click here.