January 29, 2015 By Shane Schick 2 min read

A wire payment scam that has surfaced in 45 countries and led to an estimated loss of $215 million thus far has prompted law enforcement to issue a widespread warning about what is known as the Business Email Compromise.

Tricking Employees

According to an online statement from the Internet Crime Complaint Center (IC3) and the FBI, approximately 2,000 victims were affected by this problem within a two-month period last fall. The wire payment scam, aimed at both small and large businesses, involves cybercriminals posing as suppliers or business partners of a firm and asking via an email or telephone call to have funds transferred to a fraudulent account in order to process an invoice or other form of payment. In some cases, the IC3 said, cybercriminals send messages from what appear to be the email accounts of senior management to make the payment transfer request.

Part of the challenge, of course, is that the technology being used isn’t necessarily that sophisticated: It’s simply a matter of duping busy employees who may not immediately question a request to transfer funds, especially if it’s coming from their manager or CEO. As eWEEK reported, those behind the wire payment scam likely make their messages sound extremely important or even suggest the phony business partner or supplier is ready to sue unless a payment is made.

A story on Network World added that in many cases, the cybercriminals eschew email entirely and pose as angry agents from the IRS to demand some kind of tax payment be made. Since the money often winds up at financial institutions overseas, tracking down the stolen cash may require a significant degree of cooperation among police in various geographies.

Wire Payment Scam Nothing New

Of course, as Computer Business Review pointed out, there have been variations on fraudsters using technology to fool people into opening their wallets for years. These were once called Man-in-the-Email attacks, but authorities changed the name to Business Email Compromise to reflect the corporate direction the wire payment scam has taken. It makes sense on the part of criminals: Asking an organization for tens of thousands of dollars may seem more legitimate than what you could ask of a consumer victim.

In some cases, those behind the scheme are hacking directly into business networks in order to compromise employee emails and demand payment from their partners or suppliers, NDTV reported. The only recourse, apart from a good email gateway and traditional intrusion detection tools, will be to train employees to double-check requests for major fund transfers. Some legitimate payments may be slowed down in the process, but as this type of security issue intensifies, that may just become part of the cost of doing business.

More from

Government cybersecurity in 2025: Former Principal Deputy National Cyber Director weighs in

4 min read - As 2024 comes to an end, it’s time to look ahead to the state of public cybersecurity in 2025.The good news is this: Cybersecurity will be an ongoing concern for the government regardless of the party in power, as many current cybersecurity initiatives are bipartisan. But what will government cybersecurity look like in 2025?Will the country be better off than they are today? What are the positive signs that could signal a good year for national cybersecurity? And what threats should…

FYSA – Adobe Cold Fusion Path Traversal Vulnerability

2 min read - Summary Adobe has released a security bulletin (APSB24-107) addressing an arbitrary file system read vulnerability in ColdFusion, a web application server. The vulnerability, identified as CVE-2024-53961, can be exploited to read arbitrary files on the system, potentially leading to unauthorized access and data exposure. Threat Topography Threat Type: Arbitrary File System Read Industries Impacted: Technology, Software, and Web Development Geolocation: Global Environment Impact: Web servers running ColdFusion 2021 and 2023 are vulnerable Overview X-Force Incident Command is monitoring the disclosure…

2024 trends: Were they accurate?

4 min read - The new year always kicks off with a flood of prediction articles; then, 12 months later, our newsfeed is filled with wrap-up articles. But we are often left to wonder if experts got it right in January about how the year would unfold. As we close out 2024, let’s take a moment to go back and see if the crystal balls were working about how the year would play out in cybersecurity.Here are five trends that were often predicted for…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today