Online criminals are stealing millions from unsuspecting companies, with a scam based around faking email messages from company directors.
The spoofed messages ask finance staff to immediately pay a supplier on behalf of the chief executive, who is said to be out of the office and unable to make the payment personally.
Experts have called this scam a whale fraud as it targets a ‘big fish’, as opposed to a phishing scam, which targets lots of individuals.
“The focused attacks by criminals are increasing because they have realised they can make a bigger pay-off than they can from many thousands of smaller attacks,” BAE head of threat intelligence Adrian Nish said.
A concerning number of businesses have fallen for this scam of late. US technology company Ubiquiti Networks has now admitted that it lost $47 million in this way.
According to reports, the scammers continue to pester the finance department to transfer the money even if the fraudulent attempt has been noted.
Last week the UK’s NCC Group made it public that it too was targeted by the ‘whaling fraud’. The company has said that emails had been sent from a group that had registered a domain very similar to the firm’s actual domain.
“It’s becoming a big problem,” he said, “especially for small companies that do not have the bodies to look into all the emails.
“The bad guys might only be after $100,000, but for a smaller company that’s a lot of money,” said Ben Johnson, chief security strategist at Bit9.