Pub. 1 Issue 1

27 Cyber Crimes: Why You Should Be Very Afraid I f you are like one of two Midwest dealers involved in a recent lawsuit, you may be the unfortunate victim of a cybercrime. In a Midwest lawsuit, a dealer arranged through its inventory manager to sell twenty Ford Explorers to another Ford dealer. After the arrange- ments were made through email, and the vehicles were shipped, the buying dealer received emails about payment from a slightly different email address that began with a simple message: “Due to some tax related procedures, we will prefer a wire transfer, let me know when you need wiring instructions?” Unfortunately, those payment emails were sent by a Nigerian fraudster who hacked into and took up residence in the selling dealer’s computer system. He provided wire instructions to his account, the mon- ey was wired by the buyer to the real bank account set up by the fraudster, and then the account was immediately emptied. Both dealers were victims. However, the federal judge considering the case had to choose a winner and a loser, and he ruled that the buying dealer must pay the selling dealer $735,225.40, meaning the buying dealer has lost nearly three-quarters of a million dollars. This case has important lessons for all dealers. Motor vehicle dealers engage in large dollar transactions, and they are targets of hacking. The FBI has reported that from 2013-2016, known losses for a cyber crime called Business E-mail Compromise (BEC) totaled over $5 billion worldwide. The scam is carried out when a fraudster utiliz- es social engineering or hacking techniques to compromise business e-mail accounts and swindle unsuspecting employees into making fraudulent wire transfers. These criminals appear to indiscriminately target companies—big or small—and use money mules to clean the account before anyone can discover what transpired. How does this scam work? The scam artist’s goal is to hack your e-mail account and either take control or use a spoof ac- count to deceive your vendors, sellers, or employees into wiring funds to an account controlled by the criminal. To access an e-mail account, the criminal can utilize numerous techniques. • Man in the Middle in which the fraudster intercepts communications, and steals credentials or other sensitive information; • Spoofing: in which the fraudster creates a fake, albeit similar, e-mail account to impersonate and fool victims; • Phishing: which involves the perpetrator sending an e-mail with a link to a recog- nizable—but fake—website, prompting the recipient to enter his or her cre- dentials, or an attachment containing a malware program. If your e-mail is compromised through hacking, sophisticated con artists can lay dormant for weeks, evaluating the compa- ny’s vendors, accounting systems, employee communication styles and travel schedules. They end up looking like you, writing like you, and joking like you. They may impersonate the dealer and send employees “urgent” wire transfer requests or wait for a deal to develop and hijack the conversation to redirect payment. They may even inject themselves between you and your bank to intercept credentials and redirect, or create additional, wire transfers. The aftermath of the crime is generally a mess. The seller blames the buyer, the buyer blames the bank, the bank blames both, and insurance companies rely on complicated policy exclusions to avoid paying losses.