Norfolk FBI warns businesses lost billions in email fraud scheme

Posted at 4:04 PM, Jan 30, 2020
and last updated 2020-01-30 21:42:49-05

HAMPTON ROADS, Va. —  Criminals targeting businesses are stealing billions of dollars from unsuspecting victims.

The FBI launched a targeted campaign to disrupt what they call "business email compromise" schemes, and now they are urging the public to watch out for warning signs.

Business Email Compromise (BEC) is a sophisticated scam targeting companies and people who have control over moving money within the organization.

Norfolk FBI reports cyber criminals stole more than $10 billion from companies over the past seven years.

Sachin Shetty is a professor at Old Dominion University and the associate director of ODU’s Virginia Modeling Analysis Simulation Center. He said criminals may send fake emails to get a person to click a bad link with malware to gather personal information.

“Once you click on the attachment, what happens is they got a back door into your computer. They’re able to inject a malicious code, and basically that software is running on your system. It’s basically tracking— it’s a spy.”

Another method is sending a fraudulent email that looks like it’s from a boss to convince someone to schedule a fake transaction.

Shetty said people should always look closely at the email address and not just the name.

“You need to click on the sender’s name to see look at the email address to see if it comes from a legitimate domain name.”

The tell-tale sign to look out for is the content of the email. Shetty said poor grammar and even an odd font style could be a giveaway that something is off.

People should have a secure password that is around 15 characters and a second form of verification, like a text message to your phone when anyone logs into your email from a new device.

Shetty said a easy way to do this is to “think of a phrase or a song lyric that means something to you… and then add some numbers or punctuation marks.”

It can be hard to tell if an email is a scam, but if you’re ever unsure, the easiest thing to do is pick up the phone and give them the requester a call.

If you end up becoming a fraud victim, immediately contact your bank and file an internet crime complaint with the FBI.

Related: How to protect personal data from online thieves