FBI warns of business email scam

Business email scams are not a new type of fraud, but they’re getting more sophisticated and difficult to spot.

From October 2013 to August 2015, business scams hit more than 7,000 U.S. companies, which lost more than $740 million, according to the FBI.

Worldwide losses topped more than $1.2 billion.

And that’s a conservative estimate. According to the website DataBreachToday.com, many of these scams go unreported.

How the scam unfolds

About 3 in 5 companies are targets of payments fraud, according to the 2015 Payments Fraud and Control Survey from the Association for Financial Professionals.

Here’s how it works. According to the FBI, most companies that have fallen victim to these business scams receive an email asking an accountant or someone else with access to corporate funds to send urgent wire transfers to foreign bank accounts.

Of course, it used to be easy to spot these scams — they were very amateurish, like the Nigerian lottery scam.

But times have changed. In one case, the FBI recounted how the accountant for a company received a purported email from her CEO requesting a transfer of funds. The email, which was later shown to have come from scammers, included an “appropriate letter of authorization — including her CEO’s signature over the company’s seal…” The accountant wired $737,000 to the fraudsters.

“They know how to perpetuate the scam without raising suspicions,” said FBI Special Agent Maxwell Marker in a posting on the agency’s website about the alert.

“They have excellent tradecraft, and they do their homework. They use language specific to the company they are targeting, along with dollar amounts that lend legitimacy to the fraud. The days of these emails having horrible grammar and being easily identified are largely behind us.”

These hackers may also use malware to gain access to a company’s legitimate email threads about billing and invoices, which makes the scam email look even more authentic.

Will your business be a target?

Any company is a potential target.

Since January 2015, there has been a 270% increase in identified victims and exposed losses. And the scam has been found in all 50 states and nearly 80 countries, according to the FBI.  

The average loss reported to the Internet Crime Complaint Center is $130,000, Ellen Oliveto, an FBI analyst assigned to the center, said in the FBI alert.

So it’s wise to be cautious, regardless of how your business earns money.

What should you do?

If you’re a victim of a business email scam, report it immediately to your financial institution and the institution where the transaction was sent, the FBI says.

Then contact the FBI and file a complaint with the Internet Crime Complaint Center.

The center offers these tips to prevent fraud:

  • Be wary of using free, Web-based email accounts, which are easier to hack.
  • Be suspicious of wire transfer requests that ask for quick action or secrecy.
  • Confirm requests for transfers of funds and changes in vendor payment locations.
  • Consider a 2-step verification process for wire transfers.
  • Use an intrusion detection system for emails.
  • Register domains that are slightly different from the company domain to keep those from being used by scammers.
  • Be careful when posting financial and personal info on company websites and social media.
  • Know your customers’ habits.
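
Two of these tips, watching for domains that are slightly different from the company domain and for wire transfer requests that push quick action or secrecy, can be turned into a simple mail-screening check. The following is an added example, not part of the FBI alert or the original article; the domain example.com, the keyword lists, the edit-distance threshold of 2 and the sample message are all assumptions constructed for illustration.

```python
import email
import re
from email.utils import parseaddr

COMPANY_DOMAIN = "example.com"  # assumption: the organisation's real domain
# Assumed keyword lists; tune them to the language your finance staff actually see.
PRESSURE = re.compile(r"\b(urgent|immediately|asap|confidential|secret)\b", re.I)
PAYMENT = re.compile(r"\b(wire|transfer|payment|invoice|bank account)\b", re.I)

def edit_distance(a, b):
    """Levenshtein distance using a single-row dynamic-programming table."""
    row = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        prev, row[0] = row[0], i
        for j, cb in enumerate(b, 1):
            prev, row[j] = row[j], min(row[j] + 1, row[j - 1] + 1, prev + (ca != cb))
    return row[-1]

def domain_of(header_value):
    """Lower-cased domain part of an address header, or '' if absent."""
    return parseaddr(header_value or "")[1].rpartition("@")[2].lower()

def bec_flags(raw_message, company_domain=COMPANY_DOMAIN):
    """Return the reasons a single-part, plain-text message deserves a manual check."""
    msg = email.message_from_string(raw_message)
    sender = domain_of(msg["From"])
    text = f"{msg['Subject'] or ''}\n{msg.get_payload()}"
    flags = []
    # Near-miss of the company domain: close in spelling but not identical.
    if sender != company_domain and edit_distance(sender, company_domain) <= 2:
        flags.append("lookalike-sender-domain")
    # A payment request combined with urgency or secrecy wording.
    if PAYMENT.search(text) and PRESSURE.search(text):
        flags.append("payment-request-with-pressure")
    return flags

# Constructed sample message (not a real email).
SAMPLE = """\
From: "CEO" <ceo@examp1e.com>
To: accounting@example.com
Subject: Urgent wire transfer

Please wire the funds today and keep this confidential until the deal closes.
"""

if __name__ == "__main__":
    print(bec_flags(SAMPLE))
```

A flagged message is a prompt to confirm the request through a separate, known-good channel, as the tips above recommend, not proof of fraud.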

And if you do personal business on your work computer, it also doesn’t hurt to keep an eye on your credit reports to make sure no one is opening unauthorized credit accounts in your name.

You can pull your credit report for free at myBankrate.