The latest phishing targets aren't individuals anymore; they're entire companies. Crooks hijack the email account of a company's CEO or a high-ranking executive and then try to extract as much money as they can until they get busted.
We're finding out about these scams because of the newly formed Internet Crime Complaint Center. The organization is the result of a collaboration between the FBI and the National White Collar Crime Center.
Here's how it works: Scammers will figure out a way to hijack a CEO's email account. They then use the account to request a wire transfer from an employee with access to the company's finances for a seemingly legitimate reason.
Hackers don't pull off these scams through computer know-how alone; they're learning how to observe and exploit their targets to maximize profit.
The Internet Crime Complaint Center estimates that corporate email scams have cost companies $215 million. Here's the breakdown:
The IC3's information leads me to think that the crooks' success comes from their careful planning and clever mind games. Most hacks usually just involve sticking a USB drive into the right port, but this hack requires research and timing.
The IC3's alert about these attacks seems to agree:
Fraudulent e-mails received have coincided with business travel dates for executives whose e-mails were spoofed. The subjects are able to accurately identify the individuals and protocol necessary to perform wire transfers within a specific business environment. Victims may also first receive ‘phishing’ e-mails requesting additional details of the business or individual being targeted (name, travel dates, etc).
The IC3 recommends enabling two-factor authentication to fight these attacks. Enabling two-factor authentication is easy and keeps your accounts secure.