Fake CEOs pilfer $2.3bn from US biz pockets in three years – Feds

Scammers have bilked American companies out of $2.3bn from 17,642 victims since 2013, the FBI has warned, and the problem is going to get worse before it gets better. Basically, the hustle works like this: miscreants pretending to be top bosses send emails to employees, particularly those handling sensitive financial …

  1. Anonymous Coward

    The "urgent transfer" request sent to the CFO trick?

    Yup, got a few of those and made reports to law enforcement, FWIW.

    Mails were coming from a typosquatting domain name registered at GoDaddy (useful to start a UDRP request if the company lawyer has spare time). They were even using the company logo (though the one valid before the latest rebranding) and addressing the CFO by first name. Nice.

    The problem was that the request for urgent payment into some Panamanian outfit was for a product that it makes no sense for our company to handle, and the attached bill looked like it was coming from the printshop annex of the local shrimp&noodles stall.

    It all looked a bit fishy.

    Might make sense if the CEO is not known to not perform not entirely reputable deals, so it might pass in some contexts.

    1. Anonymous Coward

      Re: The "urgent transfer" request sent to the CFO trick?

      I've heard the dodginess is intentional to filter out non-gullible people.

      For example re-compressing the company logo with jpeg artefacts. Nice.

      1. Michael Wojcik Silver badge

        Re: The "urgent transfer" request sent to the CFO trick?

        I've heard the dodginess is intentional to filter out non-gullible people.

        That's from a 2012 Cormac Herley paper, "Why do Nigerian Scammers Say They are from Nigeria?". Herley works for Microsoft Research and does a lot of work on the economics of security, particularly behavioral economics, and why what look like irrational choices by victims and attackers are often economically justifiable (for them).

        In that paper he shows that phishing is a binary classification problem, and it performs much better if the attack has enough implausible elements to weed out the less-susceptible targets.

        Herley's work is well worth reading, particularly for people who think of IT security as simply a technological matter, or an issue of training users.

        1. Anonymous Coward

          Re: The "urgent transfer" request sent to the CFO trick?

          Especially since the crook has to respond to and string the victim along, requiring time and effort on their part.

          Thin the herd at the front end, so you're only dealing with the abysmally stupid.

          An ad in USA Today might serve the same purpose, if you want to add the unconnected idiots to the pool.

    2. tmTM

      All down to the people in charge ultimately

      If they operate the friendly "ask me if you have an issue", "no question is stupid" type of business then these would get flagged up; employees would double check (just a simple phone call) before sending large amounts of money overseas.

      If they're the kind of angry, pent-up moron who barks orders and expects people to fall in line then it's obvious this kind of scam will easily operate.

    3. Vic

      Re: The "urgent transfer" request sent to the CFO trick?

      Mails were coming from a typosquatting domain

      My email client has the ability to colour emails based upon various criteria - including the domain from which the mail comes. Typo-squatter emails don't get coloured...
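An added example, not Vic's client rule or anything else from the thread, of the sender-domain check that such colouring is built on: it flags domains that are one or two edits away from the real company domain, or that only differ by common look-alike characters. The company domain and the substitution table are assumptions.

```python
# Added example (not from the comment thread): classify a sender address as
# internal, a typosquatted lookalike of the company domain, or plain external.
import unicodedata

# Constructed company domain; replace with the organisation's real domains.
LEGIT_DOMAINS = {"example-corp.com"}

# Common visual substitutions seen in lookalike domains (assumed, not exhaustive).
HOMOGLYPHS = {"0": "o", "1": "l", "rn": "m", "vv": "w"}


def normalize(domain: str) -> str:
    """Lowercase, fold Unicode compatibility forms, then fold look-alike pairs."""
    d = unicodedata.normalize("NFKC", domain.strip().lower())
    for fake, real in HOMOGLYPHS.items():
        d = d.replace(fake, real)
    return d


def levenshtein(a: str, b: str) -> int:
    """Edit distance (insert/delete/substitute) via the two-row Wagner-Fischer table."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify_sender(address: str, legit=LEGIT_DOMAINS, max_dist: int = 2) -> str:
    """Return 'internal', 'lookalike' or 'external' for an email address.

    max_dist is an absolute edit budget, so for very short company domains
    it should be lowered to avoid flagging unrelated domains.
    """
    domain = address.rsplit("@", 1)[-1].strip().lower()
    # Exact match or a genuine subdomain of a legitimate domain.
    if domain in legit or any(domain.endswith("." + d) for d in legit):
        return "internal"
    norm = normalize(domain)
    for real in legit:
        real_norm = normalize(real)
        # Identical after homoglyph folding, or within a couple of edits.
        if norm == real_norm or levenshtein(norm, real_norm) <= max_dist:
            return "lookalike"
    return "external"
```

Anything that comes back as "lookalike" is the case the mail client rule above would leave uncoloured, which is the signal to pick up the phone before approving a transfer.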


  2. x 7

    anyone who pays monies at the behest of the CEO alone is an idiot.

    The request should ALSO be approved by the CFO at least

    1. Evil Auditor

      I agree. Simply send the sham request to the CFO. Done.

  3. a_yank_lurker Silver badge

    Internal Controls

    It seems like many of the scammers are trying to hit an amount that is in the sweet spot: enough to make the scam worthwhile but not enough to require running the approvals up the chain. Fake invoices and the like have probably been going on for decades but are not always spotted or reported.

  4. Winkypop Silver badge

    Fake CEOs?

    What is the world coming to?

    But all those Nigerian Princes, they're legit, right?

    1. Anonymous Coward

      Re: Fake CEOs?

      "But all those Nigerian Princes, they're legit, right?"

      Well, mine is.

      Discretion has been called for and promised, but suffice it to say that when my small investment put up as a gesture of good will and some minor niggling sums used to grease some corrupt palms pays off: Salma Hayek, Trophy Wife, nod, nod, wink, wink.

  5. Shoot Them Later

    Fraudulent CEOs

    There was me thinking that CEO fraud was what happened when the CEO drove the company into the ground by pursuing short term stock price gains so that they can walk away from the flaming crash with all their share options nicely vested.

    Learn something new every day.

    [Icon: in your coat, stealing your wallet]

  6. Tuesday Is Soylent Green Day

    That's why every company needs to update their CEO regularly

    If they wish to remain completely secure, removing the CEO entirely is an even better solution.

  7. Robert Carnegie Silver badge

    Think twice

    if you are asked to provide "a wire fraud transfer", it may not be an authentic request.

  8. The Godfather
    Fascinated that businesses should leave themselves open to such fraud. I'll wager many of them have anti-fraud processes but fail to follow them or update them. It really is a simple case of implementing a risk policy, keeping everyone in an organisation aware of it, constantly updating it and, above all, ensuring everyone follows it.
