Clever Internet Scamsters Target Importers Of Foreign Goods

WASHINGTON -- The Internet Crime Complaint Center, known as IC3, has identified a new scam targeting companies doing business with overseas suppliers. Called the Business Email Compromise, the sophisticated global fraud tricks businesses into sending wire transfers into accounts of foreign banks set up by thieves. The accounts are then drained of the funds by either cash withdrawals or additional wire transfers. According to law enforcement officials, banks in China and Hong Kong are the most commonly reported destinations for the fraudulent wire transfers.

To date, the IC3 has received complaints from businesses of all sizes in every U.S. state and 45 countries. Victims in the U.S. are reported to top 1,100 with total dollar loss calculated at more than $179 million. Worldwide, the scam has reportedly taken in more than $200 million. The FBI predicts that losses will continue to grow.

Although it is not known how the victims are chosen, it is apparent that the fraudsters perform their homework prior to initiating the scam. Individuals are identified by name and the protocols required to perform wire transfers within a particular business environment are accurately mimicked.

To date, the FBI has identified three distinct versions of the scam:

1. A business, which often has a longstanding relationship with a supplier, is asked to wire funds for invoice payment to an alternate, fraudulent account. The request may be made via telephone, fax or email. If an email is received, the scamsters will spoof the email request so it appears very similar to a legitimate account. Likewise, if a fax or telephone call is received, it will closely mimic a legitimate request. This particular version has also been referred to as the Bogus Invoice Scheme, the Supplier Swindle" and Invoice Modification Scheme.

2. The email accounts of high-level business executives are compromised. The account may be spoofed or hacked. A request for a wire transfer from the compromised account is made to a second employee within the company who is normally responsible for processing similar requests. In some instances a request for a wire transfer from the compromised account is sent directly to the financial institution with instructions to urgently send funds to bank "X" for reason "Y." This particular version has also been referred to as CEO Fraud, Business Executive Scam, Masquerading and Financial Industry Wire Frauds.

3. An employee of a business has his or her personal email hacked. Requests for invoice payments to fraudster-controlled bank accounts are sent from this employee's personal email to multiple vendors identified from this employee's contact list. The business may not become aware of the fraudulent requests until it is contacted by vendors to follow up on the status of its invoice payment.

IC3 is a collaboration between the Federal Bureau of Investigation and the National White Collar Crime Center, a nonprofit organization comprised of state, local, federal and tribal law enforcement.

Those who believe they may have been a victim of an Internet scam are encouraged to report the incident to IC3 at ic3.gov.