Wall Street Journal (07/29/15) Simon, Ruth
In what is known as “corporate account takeover” or “business email fraud,” many cybercriminals use publicly available information and flawed email systems to trick businesses into transferring money into fraudulent bank accounts. Malicious computer software can allow criminals to collect passwords to email systems, and then to falsify wire-transfer instructions. Although companies of all sizes have been targeted by these scams, small businesses are especially vulnerable because they lack the budget for security and investigations. Some insurers now offer “social engineering fraud” coverage as an add-on to standard crime policies. The schemes cost companies more than $1 billion from October 2013 through June 2015, the FBI reports, based on complaints from businesses in 64 countries. A recent advisory says that the FBI's Dallas office identified six Nigerians who had targeted about 25 local companies with emails that appeared to come from the companies' high-level executives. A spokeswoman for Nacha, the industry-run group overseeing ACH transactions, says that businesses are strongly advised to “work together with their financial institutions to understand and use sound business practices to prevent and mitigate the risk of corporate account takeover.”