Online:
Visits:
Stories:
Profile image
By Dickinson Mackaman Tyler & Hagen PC
Contributor profile | More stories
Story Views

Now:
Last Hour:
Last 24 Hours:
Total:

FBI is chasing ghosts: Email ghosting is on the rise

Thursday, April 21, 2016 10:44
% of readers think this story is Fact. Add your two cents.

(Before It's News)

In a news release earlier this month, the FBI warned consumers and businesses about the growing threat posed by business email compromise (BEC) scams.

This blog has previously discussed the risks posed by email ghosting—an alternative term for BEC scams. In this kind of attack, cyberattackers will either create a spoof email address that closely mirrors a real email address of a member of an organization, or infiltrate a company’s email system. In either case the cyberattacker’s goal is to send emails that convince employees to disclose confidential information or initiate a funds transfer to the cyberattacker’s bank account.

The FBI released some startling statistics about the prevalence of this kind of attack:

  • Law enforcement globally has received complaints from victims in every U.S. state and in at least 79 countries.
  • From October 2013 through February 2016, law enforcement received reports from 17,642 victims.
  • This amounted to more than $2.3 billion in losses.
  • Since January 2015, the FBI has seen a 270 percent increase in identified victims and exposed loss.
  • In Arizona the average loss per scam is between $25,000 and $75,000.

Organizations may find that when one of these attacks causes financial loss there is no source of recovery. For example, this blog has discussed how employee conduct could prevent claims to insurers. If an employee is fooled by one of these attacks and sends money to cyberattackers an insurance carrier might not be legally obligated to reimburse the organization.

Banks may also not be required to reimburse an organization if the bank did everything it was supposed to do. This blog has extensively discussed the rules governing liability for businesses after a cyberattack. If an email ghost convinces an organization’s accountant to wire funds abroad and the accountant provides all of the required authentication information to the bank then the bank will likely not be obligated to reimburse for a cyberattack.

Email ghosting scams can take advantage of employees’ tendency to follow instructions, so it is important to make sure that every organization has developed policies and procedures that will help mitigate the risk posed by email ghosting scams. For example, organizations can require employees to confirm orders to send money with a phone call. The FBI recommends that organizations report any examples of these and other kinds of cyberattacks to the FBI’s Internet Crime Complaint Center. Organizations should identify the weak points in their hierarchy to determine whether an email ghosting scam could succeed.

The material in this blog is not intended, nor should it be construed or relied upon, as legal advice. Please consult with an attorney if specific legal information is needed.



Source: http://www.dickinsonlaw.com/2016/04/fbi-chasing-ghosts-email-ghosting-rise/

Report abuse

Comments

Your Comments
Question   Razz  Sad   Evil  Exclaim  Smile  Redface  Biggrin  Surprised  Eek   Confused   Cool  LOL   Mad   Twisted  Rolleyes   Wink  Idea  Arrow  Neutral  Cry   Mr. Green

Top Stories
Recent Stories

Register

Newsletter

Email this story
Email this story

If you really want to ban this commenter, please write down the reason:

If you really want to disable all recommended stories, click on OK button. After that, you will be redirect to your options page.