Thursday, June 14, 2018
The Evolution of Email Scammers: Moving from Granny, to Granny's Lawyers and Financial Companies as Their Targets
In my Elder Protection Clinic days, I met with family members of older adults victimized by off-shore scammers. In one notable case, the older mother, normally a savvy woman about her personal finances, had succumbed to the flattery of someone posing as a financial advisor, who offered her various new "investments." He knew just how to work her, appealing to her "business acumen," using internet maps to learn about her neighborhood and thus to make it seem his office was in a building near her bank in a suburb of Pittsburgh. Even after her daughter, with the help of a legitimate financial advisor who caught the unusual activity on the mother's accounts, shut down any easy means of access to her mom, the mother continued to believe the perpetrator was just bad at financial advice, and not totally corrupt.
The elderly mother's judgment on who to trust was impaired, but the impairment was specific and hard to recognize because she otherwise functioned fairly well. The combination of the perpetrator's flattery, his appeal to her once-strong financial skills, and the fact that she was lonely, trapped in her house as her physical strength was waning, all contributed to the success of the scam. It all began with a single email.
A recent announcement by the FBI of a coordinated law enforcement effort to disrupt international scammers reveals how the scamming industry has evolved. The FBI explains:
Operation WireWire—which also included the Department of Homeland Security, the Department of the Treasury, and the U.S. Postal Inspection Service—involved a six-month sweep that culminated in over two weeks of intensified law enforcement activity resulting in 74 arrests in the U.S. and overseas, including 42 in the U.S., 29 in Nigeria, and three in Canada, Mauritius, and Poland. The operation also resulted in the seizure of nearly $2.4 million and the disruption and recovery of approximately $14 million in fraudulent wire transfers.
A number of cases charged in this operation involved international criminal organizations that defrauded small- to large-sized businesses, while others involved individual victims who transferred high-dollar amounts or sensitive records in the course of business. The devastating impacts these cases have on victims and victim companies affect not only the individual business but also the global economy. Since the Internet Crime Complaint Center (IC3) began formally keeping track of BEC [business e-mail compromise] and its variant, e-mail account compromise (EAC), there has been a loss of over $3.7 billion reported to the IC3.
BEC, also known as cyber-enabled financial fraud, is a sophisticated scam that often targets employees with access to company finances and trick them—using a variety of methods like social engineering and computer intrusions—into making wire transfers to bank accounts thought to belong to trusted partners but instead belong to accounts controlled by the criminals themselves. And these same criminal organizations that perpetrate BEC schemes also exploit individual victims—often real estate purchasers, the elderly, and others—by convincing them to make wire transfers to bank accounts controlled by the criminals.
Foreign citizens perpetrate many of these schemes, which originated in Nigeria but have spread throughout the world.
Law firms were among the most frequent targets of the scammers, who posed as clients to access funds held in the law firms' trust accounts. For more on the industry, read "It's Time to Stop Laughing at Nigerian Scammers -- Because They're Stealing Billions of Dollars," from the Washington Post.