Special Agent Vicki D. Anderson
March 29, 2016
FBI Warns of Rise in Schemes Targeting Businesses and Online Fraud of Financial Officers and Individuals
FBI officials and various federal and local partners warn potential victims of the business e-mail compromise scam or “B.E.C.,” a scheme targeting American businesses that has resulted in massive financial losses. Officials also warn of scams targeting victims of online fraud, to include “Operation Romeo and Juliet,” a series of cases involving American victims who are targeted when they subscribe to online dating services.
The FBI and law enforcement partners worldwide have reported dramatic increases in schemes being carried out by criminal enterprises targeting businesses and individuals in online dating and job schemes, among others.
The main scheme is known as the business e-mail compromise scheme, or B.E.C. The scheme is also known as “CEO fraud” or the “man in the middle” scheme. B.E.C. is defined as a fraud targeting businesses that regularly perform wire transfer payments. The scam is carried out when perpetrators compromise e-mail accounts through social engineering or through computer intrusion techniques to fraudulently direct electronic fund transfers.
There is no profile for victim businesses. Victims range from large corporations to tech companies, to small businesses, to non-profit organizations. The schemers conduct research to learn about the employees in a company who manage the money, as well as the protocol necessary to perform wire transfers within that business environment. In some cases, information is obtained through a phishing scheme. In others, businesses may be victims of ransomware or other cyber intrusion prior to the B.E.C attack.
Law enforcement globally has received complaints from victims in every U.S. state and in at least 79 countries. From October 2013 through February 2016, law enforcement received reports from 17,642 victims. This amounted to more than $2.3 billion in losses. The overwhelming majority of victims are located in the United States. Since January 2015, we have seen a 270 percent increase in identified victims and exposed loss.
In many cases, law enforcement cannot recover funds sent overseas and may not identify the perpetrator; therefore, education and prevention are stressed.
A secondary scheme associated with B.E.C. affects victims in a much more personal way by targeting individuals for romance schemes and other online job scams. Of this subset of victims, law enforcement receives many complaints from individuals who have sought romance through online dating services, only to be convinced to either hand over money, or hand over their bank account information once they have been lied to about a relationship and have become emotionally attached. In most cases, the victims have never met the individual with whom they are communicating, but the bond they’ve established through a sophisticated grooming process can be very strong and very difficult to break.
Victims of these schemes are used as “money mules” by allowing their bank accounts to be used to transfer stolen funds. Sometimes they do this without realizing they are opening business accounts for fake corporations in their own name and that they are complicit in laundering illicit funds. These victims have lost their life savings, some have been charged criminally, and some have committed suicide based on the emotional suffering that takes place.
Tips for Businesses:
Your CFOs and employees handling monetary transactions are being targeted
Be cautious of requests for urgency and mimicked e-mail addresses
Practice multi-level authentication
Pick up the phone and verify legitimate business partners
If you’re defrauded, act quickly, contact your bank, and report to IC3.gov and law enforcement
Victims of Online Scams:
Do not send money to someone you have not met and have no reason to trust
Never provide your personal information, including your bank account information, to someone you do not know and trust
Operation Romeo and Juliet Victim Examples:
In one case, a California man, Tim, signed up for an online dating service after his mother passed away last year. The man had promised his mother that he would “find a good woman.” Within a short period of time, Tim found himself targeted by a romance scammer. Luckily, Tim worked with the FBI and helped to thwart the fraud before any transactions were made. With Tim’s assistance, a B.E.C. victim company located in Beverly Hills did not lose money. Tim’s cooperation led to the arrest on state charges of a money mule in the state of Georgia. Our Los Angeles Field Office is continuing to investigate this case and has not ruled out additional charges at the state or federal level.
Kathy, 83, met a man on a dating site and became engaged to be married, after a brief grooming process. The man had claimed to be a civil engineer from Washington State. Hodge ultimately convinced Kathy to wire him $23,000 to a bank account in Malaysia. Investigators believe the individual who defrauded Kathy is an impersonator of an actual identity theft victim with the same name. This case is also ongoing.
Versions of B.E.C. (aka Man in the Middle or CEO Fraud):
A business, which often has a long standing relationship with a supplier, is asked to wire funds for invoice payment to an alternate, fraudulent account. The request may be made via telephone, fax, or e-mail. If an e-mail is received, the subject will spoof the e-mail request so it appears very similar to a legitimate account and would take very close scrutiny to determine it was fraudulent. Likewise, if a facsimile or telephone call is received, it will closely mimic a legitimate request. This particular version has also been referred to as “the bogus invoice scheme,” “the supplier swindle,” and “invoice modification scheme.”
The e-mail accounts of high-level business executives (CFO, CTO, etc.) are compromised. The account may be spoofed or hacked. A request for a wire transfer from the compromised account is made to a second employee within the company who is normally responsible for processing these requests. In some instances a request for a wire transfer from the compromised account is sent directly to the financial institution with instructions to urgently send funds to bank “X” for reason “Y.” This particular version has also been referred to as “CEO fraud,” “business executive scam,” “masquerading,” and “financial industry wire frauds.”
An employee of a business has his/her personal e-mail hacked. Requests for invoice payments to fraudster-controlled bank accounts are sent from this employee’s personal e-mail to multiple vendors identified from this employee’s contact list. The business may not become aware of the fraudulent requests until they are contacted by their vendors to follow up on the status of their invoice payment.
A fourth version of this scam has recently been identified based on victim complaints. Victims report being contacted by fraudsters, who typically identify themselves as lawyers or representatives of law firms and claim to be handling confidential or time-sensitive matters. This contact may be made via either phone or e-mail. Victims may be pressured by the fraudster to act quickly or secretly in handling the transfer of funds. This type of B.E.C. scam may occur at the end of the business day or work week or be timed to coincide with the close of business of international financial institutions.
Based on complaint data submitted to IC3, B.E.C. victims recently reported receiving fraudulent e-mails requesting either all Wage or Tax Statement (W-2) forms or a company list of Personally Identifiable Information prior to a traditional BEC incident. These fraudulent requests are usually sent utilizing a business executive’s spoofed e-mail. The entity in the business organization responsible for the W-2 and/or PII, HR, bookkeeping or auditing section, is the targeted recipient of the fraudulent request. Victims report they have fallen for the W2-PII twist even if they were able to successfully identify and avoid the traditional B.E.C. incident. The B.E.C. W2-PII twist appears to be timed for the tax season. This new twist, at this time, does not appear to link with other tax scams.
Please visit fbi.gov or the Internet Crime Complaint Center at http://www.ic3.gov to learn more about common schemes and tips for targeted victims.