RICHMOND, Va. (WWBT) – Cybercriminals are getting so cunning that even major universities like Virginia Commonwealth University can be duped into giving up thousands of dollars in a wire fraud scheme.
Nigerian cybercriminals achieved Business Email Compromise (BEC) by finding a provider that a company or business regularly deals with. In VCU’s case, it was a construction company with which the university had an ongoing contract.
In this type of email fraud, fraudsters must create an email address that looks convincing enough to be the company they are posing as to leverage existing email chains to provide an extra level of trust. From there, they just have to play the long game. Nigerians in this particular scam used this method to bleed various institutions out of millions.
VCU lost nearly $500,000, but came out much better than the other victims in this case. According to the FBI, a university in North Carolina sent almost $2 million to scammers in the same scheme. In Texas, a Houston-based university, a construction company and government entities lost a combined total of more than $3 million.
While it may seem unlikely that a university could fall victim to BECs, cyber expert Alex Nette says there’s so much cash flowing in that some accountants might not think twice about wiring the money. Scammers know this, and that’s why they take advantage of it.
“As long as you’re using the Internet, you’re at risk. Whether it’s a business, a university, or just your family at home,” Nette said. “What we focus on as a company is how to keep your information safe online for both businesses and consumers.”
Nette, CEO of digital security firm Hive Systems in Richmond, says no person or company is too big or too small to fall for these schemes as long as there are vulnerabilities in your information.
“The best thing about the Internet is that it connects us all, but the worst thing about the Internet is that it connects us all,” Nette said. “The biggest thing working against us right now is the speed at which we do business.”
Nette says scammers are hiding behind a screen here or elsewhere, just waiting for you to let your guard down. But he says we can stop these criminals by simply picking up the phone to verify you’re dealing with a real company.
“Call that company. Say, ‘I just got an email from you, and I’d like to confirm that there’s a new place I should be transferring money to…'” Nette said. “Take all that information and stop this cycle of abuse just picking up the phone can only make this less of a problem for all of us.”
In VCU’s case, a university spokesman said through insurance, the university was able to recover a significant amount of the money and that additional safeguards were put in place to protect against this type of fraud. But Nette says a simple phone call could have made all the difference in making sure the college didn’t lose anything.
BEC scammers may also try to impersonate a person by hacking their information and impersonating the victim in their contacts, taking advantage of the victim’s trust in email to trick their loved ones or co-workers.
Nette says you should also protect yourself against this method by making sure you don’t use the same password for multiple accounts and by setting up two-step authentication to access your accounts.
“No one is safe, and that’s the biggest idea behind cybersecurity,” Nette said.
While the lost money for VCU and the other victims of the $5 million wire fraud scheme may be a drop in the bucket, the consequences of falling victim to this type of crime can be devastating for individuals and small businesses. In most cases, since large sums of money are frequently transferred to various domestic and foreign accounts, there is a minimal chance that a victim will ever see any trace of that money again.
The advent of cryptocurrency made stolen funds even less likely to be traced and recovered unless that money is secured.
Nette says six out of 10 small businesses that suffer BEC go out of business because they don’t have the insurance policies or cash flow to handle the financial loss.
“Even though there are all kinds of companies with tools and ticks to reduce that risk, that risk is still there,” Nette said. “This means we all need to take steps to protect ourselves.”
How to protect yourself:
- Be careful about the information you share online or on social media. By openly sharing things like pet names, schools you attended, links to family members, and your birthday, you can give a scammer all the information they need to guess your password or answer your questions. security questions
- Do not click on anything in an unsolicited email or text message that asks you to update or verify account information. Look up the company’s phone number on your own (don’t use the one a potential scammer gives you) and call the company to ask if the request is legitimate.
- Carefully review the email address, URL, and spelling used in any correspondence. Scammers use subtle differences to fool your eyes and gain your trust.
- Be careful what you download. Never open an email attachment from someone you don’t know, and be wary of email attachments forwarded to you.
- Set up two-factor (or multi-factor) authentication on any account that allows it, and never turn it off.
- Verify payment and purchase requests in person if possible or by calling the person to ensure they are legitimate. You should verify any changes in an account number or payment procedures with the person making the request.
- Be especially careful if the applicant is pressuring you to act quickly.
For more resources on how to sustain or sustain your businesses, click HERE.
Copyright 2022 WWBT. All rights reserved.
Send it to 12 here.
Want NBC12’s top stories in your inbox every morning? Subscribe here.