ADVISORY COLUMN: INSURANCE HELPLINE
Cyber scammers, says Philadelphia journalist Jared Shelly, tricked leading US tech companies, Facebook and Google, into “wiring away millions by simply asking for the money via email”.
The main perpetrator, a Lithuanian man – according to Risk & Insurance − and his associates, posed as a Taiwanese company.
Unlike local scammers who prey mostly on US retired persons and use tricks and threats to get money from targets, these criminals operated with simplicity and style. Invoices were sent to the two companies along with the emails. The companies paid. The mastermind has pleaded guilty to stealing more than US100 million.
In an article about incident, The New York Times reported that: “After money was wired from the tech companies to the bank accounts in Cyprus and Latvia, the Justice Department said in its statement, the Lithuanian “caused the stolen funds to be quickly wired into different bank accounts in various locations throughout the world, including Latvia, Cyprus, Slovakia, Lithuania, Hungary and Hong Kong”.
The statement added that he also helped to supply banks with forged documents to explain the large transfers of money.
“If the biggest tech companies in the world can succumb to cyber scams, so can you,” wrote Shelly. “It’s likely that Facebook and Google employ some of the greatest minds in cybersecurity — yet a simple scheme like this one was still remarkably effective”.
Phishing attacks like those to which the tech giants were subject, are not confined to the United States. Dr Monophia Hewling, head of Jamaica’s Cyber Incident Response Team, JaCIRT, confirmed this at a cybersecurity awareness day event last October. A local company paid US$25,000 to another company. It discovered later that the recipient had used a fake domain name for the transaction.
Business email compromise, BEC, according Shelly, quoting the Federal Bureau of Investigations, “has increased 1,300 percent since January 2015”. Losses exceed US$3 billion.
“BEC schemes are sophisticated scams targeting businesses that regularly authorize wire transfer payments via email. Scammers spoof company email or use social engineering to assume the identity of the CEO, a company attorney, or trusted vendor. They research employees who manage money and use language specific to the company they are targeting. Then they request a wire fraud transfer using dollar amounts that lend legitimacy.”
Leave A Comment