Cyber-attack results in more than $800K stolen from Houston business, lawsuit filed
HOUSTON - A lawsuit has been filed after online hackers used fake business emails to steal more than $800,000 from a Houston company.
According to the U.S. Attorney's Office in the Southern District of Texas, authorities seized a total of $834,157 held in a Houston bank account.
RELATED: Home camera security flaw may have allowed hackers to watch for years
Online hackers reportedly controlled the account despite it looking like a legitimate company. In reality, officials said the unidentified hackers got access to an employee's computer and accessed their company's computer networks including email servers as well as accounts.
Through these phishing attacks, they were able to create fake email addresses but identified employees responsible for financial obligations and posed as vendors who were owed money.
That's how, according to the U.S. Attorney's Office, the employees were "tricked" into wiring funds to an account, that the hackers controlled.
SUGGESTED: Artificial Intelligence making job scams more dangerous
This type of attack is described by investigators as a Business Email Compromise (BEC) scheme, which targets businesses involved in wire transfer payments.
"The fraud is carried out by compromising and/or ‘spoofing’ legitimate business email accounts through social engineering or computer intrusion techniques," the U.S. Attorney's Office said. "It causes employees of the victim company (or other individuals involved in legitimate business transactions with them) to transfer funds to accounts the scammers control."
The Secret Service conducted the investigation but is being handled by the U.S. Attorney's Office.
Officials also shared some helpful tips to avoid being a victim of a BEC scheme which include:
- Independently obtain mortgage payoff statements and confirm with verified and trusted sources.
- Independently verify the authenticity of information included in correspondence and statements.
- Enable Multi-Factor Authentication (MFA) on all email accounts.
- Routinely change passwords.
- Routinely monitor email account access, and check for unauthorized email rules and forwarding settings.
- Restrict wire transfers to known and previously verified accounts.
- Pay using checks when the information cannot be independently verified.
- Have a clear and detailed Incident Response Plan.
To learn more about how to prepare for a Cyber Incident, click here. You may also visit the Secret Service's page to learn how efforts are being made to combat BEC fraud.