Phishing Attacks Being Used to Target Bank Customers
Phishing attacks are the practice of using electronic message, which appear to the receivers to be from legitimate enterprises, in order to scam unsuspecting parties. By posing as legitimate enterprises such as universities, or banks, the scammers are able to convince the receivers of phishing messages to unwittingly give up their private information, which is then used to commit identity theft and other fraudulent activities. In a recent study produced by the Internet Crime Complaint Center (“IC3”), in partnership with National White Collar Crime Center and the Federal Bureau of Investigation (“FBI”), rare data tracking evidence was released that provides a look into a specific type of phishing email scam used to generate fake wire transfers. Known as business email compromises, the scams tracked in the IC3 study focused on the use of email phishing scams to exploit the employees, vendors and suppliers of some of the U.S.’s biggest banks.
The IC3 Business Email Compromise Phishing Scams
The IC3 reports that in 2014, 1,198 U.S. persons were victims of business email compromise scams, which resulted in the loss of over $170 million. Business email compromise scams have increasingly become a pressing concern for the banking industry. This is because it has become easy for fraudsters to create email addresses that spoof those of different banks, and the solutions for email authentication are not as of yet universally implemented by U.S. banks. IC3 outlined three basic scenarios that business email compromising phishing scams may appear.
The first type involves bogus invoices, which are used to target a specific company through fraudulent faxes, emails and phone calls. In this type of bank phishing scam the correspondence will appear to be from one of the business’ suppliers, and requests that wire payments be transferred to an account that in actuality is controlled by the fraudsters.
The second type of phishing scam is more commonly referred to as CEO fraud, which involves the hacking into or other compromising of a bank’s executive employees. Through the use of the executives’ business email accounts, fraudsters send urgent transfer requests to those employees capable of quickly processing fund transfer claims.
The third type of phishing scam involves the compromising of lower level bank employees’ email accounts. These compromised email accounts are used to submit money transfer requests to their employer’s various vendors, and once again the money transferred is routed to the accounts controlled by fraudsters.
The ability to conduct such innovative email phishing scams has been aided by the enhanced availability of both analytics and data. Fraudsters can use the Internet in order to learn information about a bank’s executives, lower level employees, suppliers and vendors. From there they can determine who is in charge of conducting money transfers, and then obtain additional personal information about these employees from their social media accounts. The personal information obtained can be used to break into those same employees’ business email accounts, and the rest is history.
Do You Need Criminal Representation?
Online phishing scams that target banks are gaining traction as fraudsters use the Internet to learn pertinent info about the employees, vendors and organization framework of some of the U.S.’s biggest banks. Whenever you need legal representation or advice in a white collar criminal suit, contact South Florida criminal defense attorney Jeffrey S. Weiner, P.A. today.