Business email compromise (BEC) scams that attempt to trick senior staff at medium and large corporations into transferring large sums of money typically rely on the same formats - either compromising the CEO's account, spoofing the CEO's email address, or using a form of typo-squatting where the email address uses a domain which resembles the targeted company's actual domain, according to a Thursday blog post from Symantec.
Researchers at the company said that all of the cases they observed involved attackers sending emails posing as the company's CEO.
Attackers often use simple tricks to avoid suspicion, such as stating that alleged CEO sender is in a meeting, or that the "CEO" can't accept phone calls and many of the emails included “sent from my iPad” signature to reinforce that the sender is traveling and to help excuse poor English, the post said.
Cybercriminals often only need to be successful a few times in order to be profitable, in one incident a scammer attempted to dupe a victim out of $370,000.
Earlier this year the FBI reported that these scams cost U.S. victims $750 million and impacted more than 7,000 people between October 2013 and August 2015 and these scams are still ongoing.
Researchers recommend that people question any emails requesting actions that seem unusual or out of line with normal procedures and said that companies use two factor authentication for initiating wire transfers.