Could one keystroke cost you $200,000?
That happened to a homebuyer who didn't spot a misspelling in a fraudulent email address
Call it the Case of the $200,000 Typo.
A cybercriminal created an email address that was one subtle keystroke different from the email address of a real estate title company. The fraudster then emailed a homebuyer from that similar email address – example@ABCtltle.com instead of the legitimate example@ABCtitle.com. (See the tiny difference in the word title?) Accustomed to receiving emails from the title company, the homebuyer followed instructions in the email and wired the down payment for a house – to the criminal.
“The funds were quickly routed out of the country before the victim realized it, and before they could report it to us,” says FBI Special Agent Kelsey Harris. “The loss in that incident was close to $200,000.”
Would you have caught that typo? Many people do not. In 2018, the FBI received 20,373 complaints of criminal email compromises with losses of over $1.2 billion, making it the most costly form of cybercrime. As in this case, the scam is frequently carried out when a criminal compromises legitimate business email accounts and then emails consumers or businesses to steal money or data. The business emails that are compromised are used to commit crimes – sometimes on an enormous scale.
A gang of Chinese fraudsters recently stole $18.6 million from an Italian company by convincing local managers in India that the money was needed for an acquisition, according to Indian police quoted in the Times of India. In another case, a group of online scammers generated a list of 50,000 top executives to target in their schemes, ZDNet reported.
Special Agent Harris said email compromise fraud has been the most expensive cybercrime reported to the FBI’s Internet Crime Complaint Center for the past few years. Most of the criminals in these cases are based outside the U.S., he said. “The criminals employ money mules here in the U.S. to open bank accounts to receive the fraudulent proceeds. The mules then wire the funds to the criminals.”
In a case like the typo scam, the FBI urges consumers to look closely at email addresses and all parts of a suspicious email. “Don’t just look at the title of an email and accept it at face value,” Harris says. “Study the actual email address.” Even an email that appears to legitimately ask you to make a payment could be a scam. It is a good idea to call the company, using a number from a previous bill or from its website, to verify what’s in the email. If you think you may have been victimized in a business email compromise (BEC) scheme, you can also file a complaint with the IC3.
The FBI suggests businesses take these approaches:
“The more resources companies invest in IT Security, the better off they have been,” Harris said.
Avast Email Security protects your business by filtering inbound, outbound, and internal email for spam and viruses, which are then removed, and the messages are indexed and encrypted. Emails that are sent unencrypted can be automatically encrypted, re-routed, or blocked if they do not comply with the company’s encryption policy.