FinCEN Advisory to Financial Institutions on E-Mail Compromise Fraud Schemes
September 07, 2016 / Source: FinCEN
Issued: September 06, 2016
Subject: Advisory to Financial Institutions on E-Mail Compromise Fraud Schemes Criminals are actively using e-mail schemes to defraud financial institutions and their customers—billions of dollars in possible losses.
The Financial Crimes Enforcement Network (FinCEN) is issuing this advisory to help financial institutions guard against a growing number of e-mail fraud schemes in which criminals misappropriate funds by deceiving financial institutions and their customers into conducting wire transfers. This advisory also provides red flags—developed in consultation with the Federal Bureau of Investigation (FBI) and the U.S. Secret Service (USSS)—that financial institutions may use to identify and prevent such e-mail fraud schemes.
E-mail Compromise Fraud:
Schemes in which criminals compromise the e-mail accounts of victims to send fraudulent wire transfer instructions to financial institutions in order to misappropriate funds. The main types of e-mail compromise fraud include:
Business E-mail Compromise (BEC):
Targets a financial institution’s commercial customers.
E-mail Account Compromise (EAC):
Targets a victim’s personal accounts.
BEC and EAC schemes are among the growing trend of cyber-enabled crime adversely affecting financial institutions. Since 2013, there have been approximately 22,000 reported cases of BEC and EAC fraud involving $3.1 billion.1 In some cases, financial institutions have absorbed losses through reimbursing customers victimized by e-mail compromise fraud. Financial institutions can play an important role in identifying, preventing, and reporting fraud schemes by promoting greater communication and collaboration among their internal anti-money laundering (AML), business, fraud prevention, and cybersecurity units.