One year after first alerting us to a scam known as Business Email Compromise, the FBI invited us back because the problem is growing.
A scammer or hacker studies the ins and outs of a firm, then sends a phishing email to the chief financial officer, controller or bookkeeper in a company. Once the victim opens it, the scammer is now inside a company's computer system.
"They've defeated your cyber security and internal business processes for paying bills and they are off to the races," Special Agent-In-Charge Randy Thysse said.
The phishing email leads to a fake invoice file. It might seem like a routine transaction or bill to the company's financial person. However, a hacker has likely altered the routing number. With just a click or two, off goes the money, often times a long ways away to places like Nigeria. Agent Thysee noted, "It's a huge problem and it's growing. "
Agent Thysse told us in just the past year and a half, there have been at least twelve cases in Omaha in which companies were duped, money was lost. Nationwide, The FBI's Internet Complaint Center, IC3.gov, has seen more than 60 million hits or interests in the last couple years.
So here are three ways a company can keep from getting scammed. First, be very leery of suspicious emails. The scammers are relentless in their phishing. Number two, the financial person should change passwords often, making hacking more difficult. Number three, a firm's financial person should always have a verbal conversation with somebody else in management, before transferring any large amount of money.