This series will go over these four major parts:
- What’s happening
- How the scam works
- Why the scam is so successful
- How to fight it
I suggest you watch the video. It’s easier to understand if you are a visual/audio learner. The content below is the same as the video. It’s for those who learn by reading.
What has been happening? Federal authorities and researchers in recent weeks issued warnings about a new form of attack, which involves hackers infiltrating e-mail networks, perpetrates fraud and cyber espionage says enterprise fraud prevention officer Pollino from Bank of the West. An increasing number of companies have fallen victim to wire transfer scams costing over $1 billion in just the last 18 months. Yes, a billion with a B. This is according to the US Secret Service. The scams have been perpetrated using fake e-mails from senior executives of the companies or phony vendor e-mails.
And how big could it possibly be? In 2013, the US Secret Service has counted more than 2000 corporate victims. In a recent interview with the Information Security Media Group, Pollino explains why Bank of the West has labeled the new attack scheme as masquerading. Masquerading, as the Bank of the West defines it, involves the takeover of a C-level executive’s e-mail account, usually through a network attack and these attacks are waged against the bank’s commercial customers. That’s us, corporate companies, corporate users, not the bank itself. But the attacks may include spear phishing and/or hacking to take over a legitimate e-mail account. Hackers can also create similar domains so that fraudulent e-mails sent from that domain appear in a glance to be legitimate. On the next part of the series, we look closely at how these attacks actually work.
Public and private companies of all sizes have been affected by the scam. Companies with international business dealings are more likely to be targeted because they do business through wires and they have international business dealings. And as you can see on the graph below, the US has the majority of the cases at 56%.Not only that, keep in mind that some of the 44% also involves companies that are US subsidiaries and US corporate headquarters are sending money to subsidiaries or doing business in those areas.
Who has it been happening to and why should you care?
Xoom, a public company based in San Francisco is one of the bigger companies to have fallen victim to this scam. The company which has been acquired by PayPal last year released an 8-K disclosure admitting that they have been a victim of a scam. Part of the 8-K form states:
“On December 30, 2014, Xoom Corporation (the “Company”) determined that it had been the victim of a criminal fraud. The incident involved employee impersonation and fraudulent requests targeting the Company’s finance department, resulting in the transfer of $30.8 million in corporate cash to overseas accounts. As a result, the Company expects to record a one-time charge of $30.8 million in its fourth quarter of 2014. The Company believes that no customer data was involved nor was any customer’s money involved in this matter and the Company’s systems were not impacted. While this matter will result in some additional near-term expenses, the Company does not expect this incident to otherwise have a material impact on its business.”
“On January 2, January 3, and January 4, 2015, the Company’s audit committee met to discuss the matter and authorized an independent investigation, to be assisted by outside advisors. While the Company has internal controls in place and has implemented additional internal procedures, its audit committee and advisors are reviewing these controls and processes as part of the investigation. The Company has contacted federal law enforcement authorities who are actively pursuing a multi-agency criminal investigation. The Company may be limited in what information it can disclose due to the ongoing investigation.”
(2015, January 7) Federman & Sherwood Investigates Xoom Corporation For Possible Violations of Federal Securities Laws retrieved from:
Another company that has fallen victim to fraud is Ubiquiti Networks, a manufacturer of high-performance networking technology for service providers and enterprises. The company located in San Jose, Arizona also reported a loss of more than 30 million dollars due to wire fraud. The 8-K filing states:
“On June 5, 2015, the Company determined that it had been the victim of a criminal fraud. The incident involved employee impersonation and fraudulent requests from an outside entity targeting the Company’s finance department. This fraud resulted in transfers of funds aggregating $46.7 million held by a Company subsidiary incorporated in Hong Kong to other overseas accounts held by third parties. As soon as the Company became aware of this fraudulent activity it initiated contact with its Hong Kong subsidiary’s bank and promptly initiated legal proceedings in various foreign jurisdictions. As a result of these efforts, the Company has recovered $8.1 million of the amounts transferred. Furthermore, an additional $6.8 million of the amounts transferred are currently subject to legal injunction and reasonably expected to be recovered by the Company in due course. The Company is continuing to pursue the recovery of the remaining $31.8 million and is cooperating with U.S. federal and numerous overseas law enforcement authorities who are actively pursuing a multi-agency criminal investigation.”
(2015,August 6) FORM 8-K retrieved from:
We hear more often of scams involving smaller amounts. This is simply because smaller dollar transfers are slightly less scrutinized than bigger ones. The two cases above shows highly scrutinized large dollar amounts are still vulnerable from fraud attacks. These cases tell us what is truly happening.
In the next part of the series, we will breakdown how this scam works so you can understand it better.
Reference:(2015, January 7)Federman & Sherwood Investigates Xoom Corporation For Possible Violations of Federal Securities Laws retrieved from:
http://mobile.reuters.com/article/idUSnBw075805a+100+BSW20150107 (2015,August 6)FORM 8-K retrieved from: