GS Logo
The Green Sheet, Inc

Please Log in

A Thing
View Archives

View flipbook of this issue

Care to Share?

Table of Contents

Lead Story

Payments' place in the retail playbook - Part 1

Dale S. Laszig


Industry Update

Visa Checkout gains 12 million consumers worldwide

Walmart PINs hopes to Visa debit lawsuit

EPC study takes aim at Durbin supporters

Marketplace lenders form new association

PayPal releases app upgrade only for Apple, Android


CNP Expo spotlights fraud, big data, virtual reality

Observations from Payment Facilitator Day

Banks jump on mobile wallets

Adam Atlas

Selling Prepaid

Virtual gifting: field of possibility


Email-related fraud threats grow

Patti Murphy
ProScribes Inc.

Disruption a hot topic at Transact 16

Brandes Elitch
CrossCheck Inc.

Door-to-door sales, the good old-fashioned way

Steven Feldshuh


Street SmartsSM:
MLS rebranding, the discussion continues

John Tucker
1st Capital Loans LLC

It takes more than sales to sustain an ISO

Jeff Fortney
Clearent LLC

Work less and improve your bottom line

Aaron Nasseh
Finical Inc.

Help small merchants avoid MATCH

Sarah Zilenovski

Company Profile

MavensTech Inc

New Products

Comprehensive transaction transport security

TransKrypt Security Server
NewNet Communication Technologies LLC

Next-generation API for vast, underserved market

Digitzs Solutions Inc.


Applying job interview know-how to sales


Letter from the editors

Reader's Speak

Resource Guide


A Bigger Thing

The Green Sheet Online Edition

June 13, 2016  •  Issue 16:06:01

previous next

Insider's report on payments:
Email-related fraud threats grow

By Patti Murphy

For those of us who came of age with teletypes and mimeographs, the advent of the Internet and email was wondrous. But these wonders of technology have not come without costs. Take email, for example. What began as a convenient, low-cost way to communicate with family, friends, associates, clients and billers has evolved to a dumping ground for unwanted communications and fertile ground for fraudsters.

According to the Internet Security Threat Report, published in April 2016 by cybersecurity firm Symantec Corp., more than half of all emails across all industries in 2015 were spam, down slightly from 60 percent in 2014. At retail trade companies, spam accounted for 52.7 percent of emails last year; 52.1 percent of emails received by finance, insurance and real estate companies were spam. No company size is particularly vulnerable – spam is an equal opportunity problem, the report noted.

Retailers are the most at risk for phishing – one of the most popular types of Internet fraud. According to Symantec, one in every 690 emails received at retailing companies in 2015 were phishing attempts. At finance, insurance and real estate firms, phishing accounted for one in every 2,200 emails. Few, if any, spammers work alone, and the criminal enterprises they ally with have grown increasingly sophisticated, just like the technologies they exploit. For example, advanced phishing kits trade online for between $2 and $10 and require little technological savvy to operate, the Symantec report noted.

Huge losses reported

The FBI keeps track of such fraud through the Internet Crime Complaint Center, which it operates. The bureau recently revealed that U.S. businesses lost more than $263 million as a result of 7,838 reported business email compromise (BEC) attacks in 2015. While they were fewer in number than other types of Internet-related fraud, financial losses from BEC attacks dwarfed the total of all other reported Internet crimes combined, according to the FBI.

For example, the FBI said it fielded nearly 22,000 complaints involving identity fraud that triggered $57 million in losses in 2015. Reported Internet-related credit card fraud losses totaled $41 million that year, and corporate data breach losses amounted to about $39 million, according to the FBI's Internet Crime Report, published in May 2016.

Not included in the BEC numbers are what the FBI labels email account compromises (EAC). The FBI makes a distinction between BECs and EACs, explaining the latter targets the general public as well as financial professionals (for example, those working as lenders, realtors and lawyers). The FBI said it fielded 281 complaints about EACs in 2015 and that losses from those fraudulent emails totaled about $11 billion. These numbers likely understate the problem, however, since they only represent losses reported to the government.

The state with the largest number of individual and corporate victims of email fraud was California (14.53 percent), the FBI reported. Florida (with 8.47 percent), Texas (7.67 percent) and New York (6.30 percent) had the next highest numbers of victims.

The United States also stands out among other countries, as it was home to over 80 percent of Internet crime victims worldwide in 2015, according to the FBI. Just 2.47 percent of Internet crime victims worldwide were in the United Kingdom, which ranked second among countries with the most victims of Internet crime; Nigeria (with 2.2 percent), China with (1.91 percent) and India (1.46 percent) round out the top-five list, the FBI said.

BEC scams loom large

The FBI reported that BEC scams began to surface in 2013 and are an offshoot of traditional phishing attacks; however, these scams target finance staffers and others with access to company purse strings. The scammers go to great lengths to engender trust and legitimacy – sometimes posing as top company officers – complete with realistic looking spoof email headers, signatures and other details.

The goal: to trick victims into transferring large sums of money as part of a new (bogus) acquisition or supplier relationship. The FBI said BEC scams have resulted in fraudulent transfers flowing to bank accounts in many countries, "with a large majority travelling through Asia."

In the threat report cited above, Symantec stated, "The social engineering involved in these phishing attacks is more sophisticated and targeted. They not only send generic scams to large numbers of people, but seek to develop ongoing relationships, validate access to company information and build trust." This requires research and reconnaissance, reviewing social media profiles and the online activities of targeted individuals in order to learn about their jobs, co-workers and the organizational structure.

Any business would err to think today's sophisticated security technologies and controls will shield them from phishing attacks, as long as they "rely on the capability of its employees to detect advanced and targeted phishing campaigns," Symantec said.

Mia Papanicolaou, Chief Operating Officer at Striata Inc., agreed. Striata is a technology company that specializes in software and document security solutions. Papanicolaou described email as "a powerful channel" and also an "enabler" of bank account takeovers. "You can invest in the best technologies, but if you're not educating [staff and customers], you're going to have massive problems," she said in a recent interview.

Papanicolaou recommended "regular audits across the board" to ensure all staff and customers understand and can foil email-related threats before they become losses. Also, emailed documents should be encrypted and password protected. "This is of paramount importance," she said.

SIDE NOTE: Protective measures against cyber-scammers

Following are steps, gleaned from several sources, that businesses and individuals can take to protect against Internet scams, particularly BECs:

Patti Murphy is Senior Editor of The Green Sheet and President of ProScribes Inc. She is also the founder of Email her at

Notice to readers: These are archived articles. Contact names or information may be out of date. We regret any inconvenience.

previous next

Spotlight Innovators:

North American Bancard | USAePay | Impact Paysystems | Board Studios