The “CEO scam” that’s cost businesses $2.8 billion in two years
Tuesday, March 1, 2016
An email scam that involves cyber criminals impersonating chief executives is estimated to have cost businesses across the globe more than $2.8 billion in the past two years, according to the US Federal Bureau of Investigation.
Fairfax reports the FBI has seen a marked increase in what it calls “business email crime” or “CEO fraud”, with more than 12,000 victims affected globally since October 2013.
The scam typically involves a criminal copying a chief executive’s email account and then sending an email to a company employee asking them to transfer money to an overseas bank account.
Companies are losing an average of US$120,000 ($167,820) each, with some companies losing as much as US$90 million, according to Fairfax.
Although there are similarities between different “CEO fraud” schemes, it is not clear if there is a dominant global ring, the FBI said.
Photo sharing app Snapchat is one of the latest companies to fall prey to the scam, with the company explaining how it fell victim in a blog post on Friday.
Although Snapchat’s servers and users’ data were not breached, a number of Snapchat employees have had their identity compromised and some payroll information revealed.
The Snapchat payroll department received an email from a scammer impersonating the chief executive and requesting employee payroll information.
The email was not recognised as a scam, and payroll information about some current and former employees was disclosed externally to the scammer.
Snapchat has said they are “impossibly sorry” and reported the incident to the FBI within four hours of the scam taking place.
“We began sorting through which employees–current and past–may have been affected. And we have since contacted the affected employees and have offered them two years of free identity-theft insurance and monitoring,” Snapchat said.
“Our hope is that we never have to write a blog post like this again.”
“When something like this happens, all you can do is own up to your mistake, take care of the people affected, and learn from what went wrong. To make good on that last point, we will redouble our already rigorous training programs around privacy and security in the coming weeks,” the company added.