TOKYO — Even with the language barrier sparing Japanese businesses the brunt of international online fraud, big companies are putting preventive measures in place as email scams targeting businesses surge.
Perpetrators frequently try to get a company to wire a large sum of money to a bank account by pretending to be the president or a client.
Reports of businesses falling prey to such scams began surfacing around three years ago, with the number shooting up last year. Chief financial officers are targeted 40% of the time, followed by finance directors at 10%, according to information security software maker Trebd Micro.
Walking the wire
The simple con takes time and effort to set up. First, hack into the company’s email system and read up on rules and procedures for money transfers. Monitor email communications for upcoming payments to clients. Just before a payment would be made, send a fake message from the CEO’s email address, saying to wire the funds to a different account.
The many victims, some with heavy losses, testify to how well the trick works. Major German automotive cable manufacturer Leoni was swindled out of 40 million euros ($43.2 million) in August. Austrian aircraft components maker FACC lost 42 million euros.
More than 22,000 enterprises worldwide have fallen victim to business email compromise scams since October 2013, the U.S. Federal Bureau of Investigation reported last June. Actual and potential losses totaled some $3.1 billion.
The next victim?
Trend Micro reports that nearly 2,500 businesses in the U.S. receive scam emails in a six-month period — 10 times the Japanese tally. But once the con becomes too well-known to work effectively in English-speaking countries, fraudsters will likely shift focus to other languages.
“Japanese companies will become major targets in the future,” warned Hirohide Matsukawa, senior researcher at Trend Micro.
And in a globalized world, email scams already target Japanese companies abroad.
“A person in charge of finances at an overseas subsidiary received suspicious email,” said CFO Kazuharu Watanabe of video game company Square Enix Holdings.
Some major corporations are taking no chances back at home, either. Hitachi requires four approvals before executing a fund transfer of 100 million yen ($900,000) or more.
At NEC, employees who receive email from the CEO telling them to transfer money must confirm the instructions by calling the chief executive’s mobile phone, according to CFO Isamu Kawashima.
Forewarned is forearmed
In Japan, the fight against online scams targeting businesses literally must start at the top. The chances of malware-tainted email being opened are 60% higher among executives than rank-and-file workers, according to Nomura Research Institute cybersecurity unit NRI SecureTechnologies.
Knowing what to do also lowers the odds of being swindled. Many email scams create a sense of panic by threatening to take the company to court unless money is paid immediately. Such bullying tactics can be defeated by simply keeping calm.
Strengthening information security systems is not enough. Education and training must also be made part of data security efforts.