2 Investigators: Theft By 'Business Email Compromise'
(CBS) – It's a scam that has cost businesses more than $2 billion. As CBS 2 Investigator Pam Zekman reports, it's hitting both large and small companies.
"It was bad, very bad," Chicago businessman Amit Diamond says.
He imports metal-cutting machinery from Taiwan. His email system was apparently hacked by scammers who monitor business emails and then try to redirect payments to their own accounts.
Diamond thought the money transfer request was from his longtime supplier in Taiwan, which he regularly emailed. He did not notice a subtle change in the supplier's email address. The scammer left out an "i" from the real email address; it looked the same except for that one small difference.
"Unless you got a magnifying glass, I don't know how you're going to see it," Diamond says.
Instead of going to the supplier's regular bank in Taiwan, the $326,000 due to the supplier was wired to a scammers' bank account in Singapore.
The FBI has issued warnings about this scam. They call it "business email compromise." BEC scams target businesses working with foreign suppliers or companies that regularly make wire-transfer payments. More than 17,000 companies have been victimized since the FBI began tracking it in 2013. Most are U.S. companies.
"Most of the banks that the money gets wired to tend to be in Asia, they tend to be in China," explains Eric Shiffman, FBI special agent supervisor of the Chicago cybercrimes division.
That's what happened to Mattel, the makers of the Barbie doll. They were tricked by a scammer posing as a company executive authorizing a finance officer to wire $3 million to a fake account in China.
"It's a lot easier than robbing a bank," Shiffman says.
The FBI believes organized crime groups from Africa, Eastern Europe and the Middle East are behind these scams.
Recently, some scammers have been caught, like Colvis Amue. The Nigerian national is accused of scamming 17 companies out of more than $615,000.
And, Evaldas Rimasaukas, was arrested in Lithuania for tricking Facebook and Google employees to wire more than $100 million over three years for computer hardware.
Diamond says he's just a little guy compared to those large companies and could not sustain the loss of more than $300,000.
Last week, after seven frustrating months dealing with the Singapore police, courts and banks -- and with the help of an attorney -- Diamond got the money back and plans to forward it to his real supplier.
Spokespersons for Mattel, Google and Facebook say they also got their money back by immediately contacting authorities to stop the fund transfers. The FBI says that does not happen very often. To prevent all this, experts say, companies should watch carefully for altered email addresses and verify changes in vendor payment locations.
For more information, click here.