A relatively new email scam is raking in millions of dollars, and it's got nothing to do with long-lost relatives in Nigeria. Instead, as Quartz explains, the "CEO Email Scam" dupes employees into wiring money by using bogus messages from the boss. The scammers do their homework: They assume the identity of a company CEO, or sometimes simply send an email from an address so close to the correct one that the recipient never notices the difference. The requests go to someone in the company authorized to deal with money, usually demanding quick action—and confidentiality—because of a pending business deal. It's been so successful that the FBI issued an alert last week, citing complaints in every state and in 79 countries.
"On the surface, business email compromise scams may seem unsophisticated relative to moneymaking schemes that involve complex malicious software," writes Brian Krebs of Krebs on Security. But the CEO scam is especially effective because of one crucial factor: "In traditional phishing scams, the attackers interact with the victim’s bank directly, but in the CEO scam the crooks trick the victim into doing that for them." When it works, a typical haul is between $25,000 and $75,000. The known haul worldwide is $2.3 billion, says the FBI. One cybersecurity expert in France warns that it won't go away any time soon. "It will spread because it's too good to be ignored," he tells the BBC.