An FBI warning has been issued about a scam targeting companies around the globe and here in Connecticut.
The businesses being targeted are losing tens of thousands of dollars and not only do they lose a significant amount of money, but it's also not clear where the money is going.
"Our concern is they’re being funneled to fund terrorist organizations to fund drug cartels, to fund expanding cyber criminal organizations and you know what? When you have money there’s a lot more stuff you can do," Supervisory Special Agent Martin McBride with the FBI New Haven Field Office said.
McBride said the FBI field office in New Haven is highly concerned with this scam called the “executive email compromise," which targets law and manufacturing firms.
"In the state of Connecticut, we’ve had cases where they've lost as little as $80,000 and as much as $1.5 million, with the average of several cases around $400,000,” McBride said.
"This exact type of crime happened to a company in Connecticut that we responded to, we investigated. We were able to track the perps down to Nigeria," Hartford-based attorney Ryan McGuigan said.
But feds say the scam is not just in Nigeria, but everywhere.
"Companies and individuals have to be very careful about what they click on on the Internet because literally it's how it begins with curious clicking," McGuigan told NBC Connecticut.
"The red flag is the body of the message telling you to do something different. If they’re telling you to change anything financial,” added McBride.
In one case, scammers hacked the email account of the CEO or other top executives and then directed a subordinate to wire funds to what turns out to be a phony account controlled by the suspects.
"They were able to get the dot-com address of the CEO and put slight changes to it," McGuigan added.
McBride created these dummy accounts for the NBC Connecticut Troubleshooters and “l” in Jill Konopka's name was changed to the number one to create a look-alike domain. The real thing can then be copied then pasted to victims, so simply.
"It’s not complicated in its structure, but complicated in its application. They have to employ hundreds of people on computer terminals because it happened over a number of years. It was pervasive, like a virus and even after we alerted the FBI it continued to happen over and over and over again," McGuigan said.
Another version of the scam is when a business’s email is cracked and used to blast a bill to a legitimate customer, directing them to wire funds to an account controlled by the scammers.
“When people don’t believe a $400,000 loss to a big business is a big deal who cares? Well, we care because that money put in the wrong hands can support all kinds of nefarious activities against us," McBride said.
He urges corporations to take simple steps, aside from email, to verify requests for money.
"Pick up the telephone, send a text message, do something you have control over," McBride said.