Earlier this month, we published a post on how scammers tried to impersonate our CEO's email, to convince our CFO to make fraudulent payments to a compromised account. Now, the FBI has released updated statistics, showing that we are definitely not alone. As Krebs on Security reports:
"In January 2015, the FBI released stats showing that between Oct. 1, 2013 and Dec. 1, 2014, some 1,198 companies lost a total of $179 million in so-called business email compromise (BEC) scams, also known as “CEO fraud.” The latest figures show a marked 270 percent increase in identified victims and exposed losses. Taking into account international victims, the losses from BEC scams total more than $1.2 billion, the FBI said."
And the losses from these scams are not insignificant. The FBI’s numbers indicate the average loss per company is around $100,000. But it can be significantly higher. Technology company Ubiquiti Networks disclosed in a quarterly financial report earlier this month that it suffered a $46.7 million hit because of a BEC scam.
Heightened awareness of these scams is critical for CEOs, CFOs, and anyone involved in financial decisions for an organization. But organizations have another defense at their disposal as well. By deploying DMARC (Domain-based Message Authentication, Reporting and Conformance), the email authentication standard that lets receiving mail servers identify and block messages spoofing an organization's domain, businesses can stop some of these emails from getting through in the first place. DMARC has already been adopted by nearly all of the major email receivers (Google, Yahoo, etc.). Organizations must start demanding that their email providers now also deploy DMARC, to help protect themselves from this growing threat.
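To make the DMARC point concrete, here is an added example (not code from the original post or from Easy Solutions) that shows what a receiving mail server does with a domain's DMARC record when a message arrives with a spoofed From address. The two TXT records, the domains example.com and attacker.example, and the message scenarios are constructed for the demo; the org_domain() helper is a deliberate simplification that treats the last two labels as the organizational domain, whereas real receivers consult the Public Suffix List.

```python
"""Minimal model of a receiver's DMARC evaluation for a single message.

Constructed example: the "monitor only" record (p=none) beside the record
that actually blocks spoofed mail (p=reject).
"""

# Constructed sample DMARC TXT records, as they would be published at
# _dmarc.example.com. Neither is a real DNS record.
WEAK_RECORD = "v=DMARC1; p=none; rua=mailto:dmarc-reports@example.com"
STRICT_RECORD = "v=DMARC1; p=reject; rua=mailto:dmarc-reports@example.com"


def parse_dmarc(txt):
    """Parse a DMARC TXT record into a dict of tag -> value.

    Required tags are v=DMARC1 and p=; alignment modes default to relaxed
    (adkim=r, aspf=r) exactly as the DMARC specification says.
    """
    tags = {}
    for part in txt.split(";"):
        part = part.strip()
        if not part:
            continue
        if "=" not in part:
            raise ValueError(f"malformed DMARC tag: {part!r}")
        key, value = part.split("=", 1)
        tags[key.strip().lower()] = value.strip()
    if tags.get("v") != "DMARC1":
        raise ValueError("not a DMARC1 record")
    if "p" not in tags:
        raise ValueError("DMARC record is missing the required p= tag")
    tags.setdefault("adkim", "r")
    tags.setdefault("aspf", "r")
    return tags


def org_domain(domain):
    """Simplified organizational domain: the last two DNS labels.

    Assumption for this demo only; production code must use the
    Public Suffix List (e.g. 'example.co.uk' has three labels).
    """
    labels = domain.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def aligned(from_domain, auth_domain, mode):
    """Is the authenticated domain aligned with the RFC5322.From domain?

    mode 's' (strict) requires an exact match; mode 'r' (relaxed) only
    requires the same organizational domain.
    """
    if auth_domain is None:
        return False
    f, a = from_domain.lower(), auth_domain.lower()
    if mode == "s":
        return f == a
    return org_domain(f) == org_domain(a)


def evaluate(record_txt, from_domain, spf_domain, spf_pass, dkim_domain, dkim_pass):
    """Return (dmarc_result, disposition) for one message.

    spf_domain / dkim_domain are the domains that SPF (MAIL FROM) and DKIM
    (d= tag) authenticated; spf_pass / dkim_pass are their results.
    DMARC passes if at least one mechanism passed AND is aligned with the
    From domain; otherwise the published p= policy is applied.
    """
    tags = parse_dmarc(record_txt)
    spf_ok = spf_pass and aligned(from_domain, spf_domain, tags["aspf"])
    dkim_ok = dkim_pass and aligned(from_domain, dkim_domain, tags["adkim"])
    if spf_ok or dkim_ok:
        return ("pass", "none")
    policy = tags["p"].lower()
    if policy not in ("none", "quarantine", "reject"):
        raise ValueError(f"unknown DMARC policy: {policy!r}")
    return ("fail", policy)


if __name__ == "__main__":
    # Scenario 1 (constructed): a spoofed "CEO" message. The From header
    # claims example.com, but SPF authenticated the attacker's own
    # envelope domain and there is no DKIM signature at all.
    spoof = ("example.com", "attacker.example", True, None, False)
    print("spoof under p=none  :", evaluate(WEAK_RECORD, *spoof))    # delivered
    print("spoof under p=reject:", evaluate(STRICT_RECORD, *spoof))  # rejected

    # Scenario 2 (constructed): the real CEO's mail, SPF-aligned.
    legit = ("example.com", "example.com", True, None, False)
    print("legit under p=reject:", evaluate(STRICT_RECORD, *legit))  # delivered
```

The receiver-side logic is the same for both records; the only thing that changes is the p= tag, which is why a domain sitting at p=none gains reporting but no protection against BEC spoofing. Moving to p=reject is what blocks the spoofed message, and the aggregate reports sent to the rua= address are how an organization confirms its legitimate senders all pass before making that change.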
The full account of how scammers tried to compromise our CEO's email to make fraudulent payments can be found here: http://newblog.easysol.net/ceo-gets-email-spoofed/.