Cuyahoga County Department of Consumer Affairs Warns Against Email Scams Targeting Businesses and Government

Posted on

Contacts:
Donisha Greene: (216) 443-7075, or dgreene@cuyahogacounty.us


CLEVELAND – The Cuyahoga County Department of Consumer Affairs warns businesses, nonprofits and government organizations about scam emails that look like they come from the boss.

Although imposter scams aren’t new, the latest emails are written as a casual first-name request from the boss. The sender’s address appears to be the boss’s work email.

A county employee spotted this scam email, which appeared to come from a department head:  "Hi, Claudia. Could you please email me a PDF copy of all employees' 2015 W2s? I would like to make a quick review. Thanks, Pat."

The employee immediately contacted her boss and notified IT Security of the scam email.

An area business received another version that read: “I need you to prepare a wire transfer for a payment, let me know if you're available so I can send you transfer details. Thanks.” 

The FBI reports a 270 percent increase in what it calls “business e-mail compromise” scams. Although the boss’s email account may be compromised, in some cases the scammers simply spoof the sender’s address.

In one case reported by the FBI, a CFO acting on what appeared to be her boss’s orders  wired a $250,000 payment to a Hong Kong bank, only to find her CEO had never made the request.

These emails target employees who handle money (bookkeepers and accountants, for example) or sensitive company information (attorneys or human resources employees).

Employers should warn employees to be on the lookout for emails from the boss that contain:

  • Requests to send sensitive information about employees or customers via email
  • Instructions to make large payments to an unknown vendor or using a payment method (i.e., a wire transfer) the company doesn’t ordinarily use
  • Spoofed sender addresses that are a misspelled version of the organization’s email address (for example, “flrm.com” instead of “firm.com”) or that show a different email address when a cursor hovers over the sender’s address or when the recipient hits “reply.”

Employers can protect themselves from financial loss by requiring a secondary sign-off and phone verification using a known phone number for money wires.

Organizations that become victims should request their financial institution issue a “SWIFT recall” and file a Suspicious Activity Report.

Scammed employers can report losses of $25,000 or more that occurred within the previous three days to the Cleveland office of the FBI at 216-522-1400. Smaller or older losses can be reported to ic3.gov.

In addition, organizations in Cuyahoga County contacted by a scammer, regardless of whether they experienced a loss, should report it to the Cuyahoga County Department of Consumer Affairs at consumeraffairs.cuyahogacounty.us or by calling 216-443-7035.


  
How could we make it better?
   Please leave a comment before submitting.
Thank you for your feedback
Your feedback means a lot to us. We use it to improve the experience of all of our users.