
InfoBytes Blog

Financial Services Law Insights and Observations

FinCEN Issues Advisory on E-Mail Compromise Fraud Schemes

Fraud FinCEN Privacy/Cyber Risk & Data Security

Privacy, Cyber Risk & Data Security

On September 6, FinCEN issued advisory bulletin FIN-2016-A003 notifying financial institutions of a growing number of e-mail compromise schemes, in which criminals misappropriate funds by deceiving financial institutions and their customers into conducting wire transfers. The advisory summarizes the three main stages of e-mail compromise schemes, which involve impersonating victims to submit seemingly legitimate transaction instructions: (i) compromising victim information and e-mail accounts, whereby criminals access an e-mail account via social engineering or computer intrusion techniques; (ii) transmitting fraudulent transaction instructions, whereby criminals use stolen e-mail account information to send financial institutions fraudulent wire transfer instructions; and (iii) executing unauthorized transactions, whereby the fraudulent wire transfer instructions direct the financial institution to deposit the transfers to the criminals’ domestic or foreign banks. The advisory further warns of two prevalent e-mail compromise schemes: (i) Business E-mail Compromise (BEC), which targets commercial customers of financial institutions; and (ii) E-mail Account Compromise (EAC), which targets personal bank accounts. When conducting a BEC scheme, criminals will impersonate company employees, a company supplier, or a company executive to “authorize or order payment through seemingly legitimate internal e-mails.” EAC schemes, however, target individuals conducting large transactions through financial institutions, lending entities, real estate companies, and law firms. Developed in coordination with the FBI and the U.S. Secret Service, the advisory provides red flags for financial institutions to use to identify and prevent BEC and EAC e-mail fraud schemes.