The FBI's Boston Division is warning of a dramatic rise in business email compromise scams, saying $33 million has been stolen from 370 New England residents in the past three years alone.
The victims from Massachusetts, Maine, New Hampshire and Rhode Island have reported losses ranging from $500 to $5.9 million, with the average loss being $90,000. Globally, more than $3.1 billion in losses have been reported.
Annie Blatz is a real estate broker who has been targeted several times by business email compromise scams.
In one case an online scammer created an email address very similar to the agent and sent the buyer an urgent message.
"You feel totally violated. We had one case where $100,000 was stolen," Blatz said. "(they) requested they wire their money or purchases of a home to a different bank account than what we had previously given them. And the money went astray to some foreign account."
So far, the FBI's Boston Division has facilitated the return of about $13 million, with millions more frozen and in the process of being returned.
The FBI said this is one of the fastest-growing schemes they've seen in recent years.
U.S. & World
"The perpetrators leave a long wake of financial and emotional damage, stealing money from businesses, leaving them unable to pay bills; and from families in the process of buying a home, all but erasing their dreams of home ownership," said Harold Shaw, special agent in charge of the FBI Boston Division.
According to the FBI, the scammers forge a company email or use social engineering to assume the identity of the CEO, a trusted vendor, or a person in a position of authority within the company. They research employees who manage money and then request a wire transfer to an account controlled by them. Common targets include real estate agents, title companies and atorneys in the midst of real estate transactions, bookkeepers, accountants, controllers and chief financial officers.
The scammers - believed to be members of international organized crime groups - primarily target businesses that work with foreign suppliers or regularly perform wire transfers.
Some individuals have reported being a victim of various cyber intrusions just before a business email compromise incident, often through a scam in which a victim receives an email from a seemingly legitimate source that contains a malicious link. Clicking on the link downloads malware, which gives the perpetrators access to the victim's data, including passwords or financial account information.
Anyone who thinks they might have been victimized by this type of scam is urged to contact their financial institution immediately and file a complaint with the FBI's Internet Crime Complaint Center.
"As devastating as this crime is, it's equally easy to thwart," Shaw said. "We must all develop the habit of verifying the authenticity of emailed requests to send money."