The FBI is warning people about a business email scheme which has resulted in huge losses to companies in Phoenix and other U.S. cities.

Here’s how the scam works:

A CEO seemingly emails an employee — typically in a finance or administrative role — instructing them to perform a wire transfer.

The employee follows directions and executes the wire.

Money is successfully transferred from the CEO’s company to another party.

So, what’s wrong with this picture?
Turns out the CEO didn’t send the email. The CEO’s email identity was spoofed by a cyber criminal who sent the email. E-Mail spoofing is a widespread hacker practice involving the forgery of an e-mail header.

The employee actually wired money into the hacker’s bank account (or someone affiliated with the hacker, which often times is a foreign entity).

Cyber robbery completed.

According to the FBI, the business email compromise scam — a.k.a. “B.E.C.” has already led to more than $2 billion in losses.  Losses for a single scam have been as much as $75,000.

If you receive an email (only) from your CEO or another high-ranking officer instructing you to perform a wire transfer – don’t do it. Instead, pick up the phone and dial your CEO to verify the request. Otherwise you might have B.E.C. on your face.

E Mail and Phishing Scams Explained