Phishing scams are going big time.
Email scammers have moved into the big leagues.
Everyone gets phishing emails—messages purportedly from a friend or relative but actually from a scammer—but rarely do they cost people hundreds of thousands of dollars. Now that some hackers are focusing their phishing attempts on corporations, however, the stakes are much higher.
Fraudulent wire transfers due to falsified information or stolen credentials cost businesses more than $1 billion in the year and a half from October 2013 to June 2015, according to the Wall Street Journal. Some of these schemes combine the basic phishing techniques affecting countless Internet users every day with the more devious methods deployed to steal sensitive data from major corporations.
The Federal Bureau of Investigation issued an alert in January about the Business Email Compromise, “a sophisticated scam targeting businesses working with foreign suppliers and/or businesses that regularly perform wire transfer payments.” The FBI said that almost 1,200 U.S. companies had fallen victim to the scheme between October 2013 and December 2014.
In one example, Crowdstrike, a cybersecurity firm, investigated a misdirected wire transfer from Mega Metals, Inc., that was supposed to go to a German company selling titanium shavings but instead went to an unknown third party.
Crowdstrike CEO George Kurtz told the Journal that the thieves put spyware on the computer of Mega Metals’ broker to steal the passwords necessary to fake a wire transfer.
The Journal also found instances of criminals modifying the routing information on real wire transfers to steal the money.
When private citizens use weak security to protect their email and bank accounts, they risk being robbed by criminals or hacked to facilitate what’s known as social engineering. The latter technique, in which hackers impersonate one victim to fool another, often achieves results through human error even when the second victim is using robust security methods. Some insurance companies, WSJ reported, are now offering fraud protection specifically for losses related to social engineering.
The Social Security Administration has warned recipients about a new scam in which “identity thieves pose as Government officials in an attempt to convince you to provide personal and financial information.”
“Once the thieves have your personal information,” the SSA’s inspector general said, “they can use it to open credit accounts, buy homes, claim tax refunds, and commit other types of fraud.”
If criminals impersonate a trusted third party convincingly enough, the consequences for individuals can be devastating. The consequences for corporations like construction firms—to say nothing of defense contractors or government agencies—can be far worse.
While large companies typically have the security budgets to accommodate robust protections—even if they aren’t always smart enough to deploy them—the criminals hijacking wire transfers have found small businesses to be riper targets.
“They don’t have the same budgets for security and investigations,” Brian Hussey, global director of incident response at cybersecurity company Trustwave Holdings, told the Journal.
The Business Email Compromise often targets open-source email clients that typically have weaker security than systems designed for corporate use, the FBI said in its January alert.
Among the markers of BEC scams was the fact that “fraudulent e-mails received have coincided with business travel dates for executives whose e-mails were spoofed.” That suggests a level of coordination beyond the blind phishing emails from Nigerian scammers to which most Internet users are accustomed.
Eric Geller is a politics reporter who focuses on cybersecurity, surveillance, encryption, and privacy. A former staff writer at the Daily Dot, Geller joined Politico in June 2016, where he's focused on policymaking at the White House, the Justice Department, the State Department, and the Commerce Department.