"We received a briefing by FBI that there have been 78 different attacks at institutions and some of those were universities," said Southern Oregon University spokesman Joe Mosley. "We're not alone." Mosley is right. He's not alone. And it's not just educational establishments that are in the firing line of criminals committing business email compromise. Firms such as cable manufacturer Leoni and tech firm Ubiquiti Networks are among those that have lost tens of millions of dollars through similar scams. Indeed last year the FBI reported that corporations had handed over more than three billion dollars to fraudsters because of business email compromise attacks. Good advice on how to introduce best practices and reduce the chances of your organization becoming the next victim of business email compromise is contained in this FBI advisory. Editor’s Note: The opinions expressed in this guest author article are solely those of the contributor, and do not necessarily reflect those of Tripwire, Inc.
- The scammer, posing as an established vendor, sends an e-mail to the university’s accounting office with bank account changes to be used for future payments.
- Typically, it is an individual purporting to be from a construction company with which the university has an existing business relationship.
- The scammer often spoofs the actual e-mail address of the company with a similar domain. For example, if the actual domain is abcbuilders.com, the scammer might register and use abc-builders.com to send the e-mail.
- The university sends their next payment to the scammer’s bank account, and the money is often unrecoverable by the time the university realizes they have been the victim of fraud.
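
A defender-side check for the lookalike-domain step in the list above, as an added example that is not part of the original article or the FBI advisory: it flags a sender whose domain resembles, but does not match, a known vendor domain. The vendor list, function names and distance threshold are assumptions; in practice the list would come from the accounts-payable vendor records.

```python
import re
from email.utils import parseaddr

# Assumption: the set of domains vendors are known to send from.
KNOWN_VENDOR_DOMAINS = {"abcbuilders.com"}  # domain from the article's example

def sender_domain(from_header: str) -> str:
    """Return the lower-cased domain of the address in a From header."""
    _, addr = parseaddr(from_header)
    return addr.rpartition("@")[2].lower().rstrip(".")

def skeleton(domain: str) -> str:
    """Reduce a domain to a comparison form that ignores common lookalike tricks."""
    label = domain.rsplit(".", 1)[0]      # drop the last label so a TLD swap still matches
    label = re.sub(r"[-_.]", "", label)   # abc-builders -> abcbuilders
    # Digit-for-letter swaps (0 -> o, 1 -> l) and the "rn" that reads as "m".
    return label.translate(str.maketrans("01", "ol")).replace("rn", "m")

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance: inserts, deletes and substitutions."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(from_header: str, known=KNOWN_VENDOR_DOMAINS, max_distance=2):
    """Return (verdict, vendor_domain); verdict is 'known', 'lookalike' or 'unrelated'."""
    dom = sender_domain(from_header)
    for vendor in sorted(known):
        if dom == vendor or dom.endswith("." + vendor):
            return ("known", vendor)
    for vendor in sorted(known):
        # Near-identical after normalisation, yet not the vendor's real domain.
        if edit_distance(skeleton(dom), skeleton(vendor)) <= max_distance:
            return ("lookalike", vendor)
    return ("unrelated", None)

if __name__ == "__main__":
    # Constructed sample headers, not taken from a real incident.
    for hdr in ('"ABC Builders" <billing@abcbuilders.com>',
                "Accounts <billing@abc-builders.com>",
                "ap@abcbui1ders.com"):
        print(hdr, "->", classify(hdr))
```

A "lookalike" verdict on a message that requests bank account changes is a reason to hold the change until it is confirmed through contact details already on file for the vendor. Short vendor names will produce false positives at this threshold, so treat the result as a review flag.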