ValiMail in the WSJ: “Not surprised” by FBI report showing $3.1 Billion lost to email scams

Image via flickr/Dave Newman

An FBI announcement released last week claimed that $3.1 Billion has been lost to business email compromise since January 2015 across 22,000 companies globally. ValiMail’s CEO Alexander García-Tobar told the Wall Street Journal that the trend of “impersonation” scams is on the rise, and traditional anti-phishing approaches won’t stop it.

From the WSJ article:

“I’m absolutely not surprised by those numbers,” Alex Garcia-Tobar, chief executive of email authentication startup ValiMail, said about the FBI’s findings. “It’s child’s play,” he added, “an eight-year-old today can send emails as anyone they want to be.”

The FBI announcement defined business email compromise as “a sophisticated scam targeting businesses working with foreign suppliers and/or businesses that regularly perform wire transfer payments.”

As our CEO told the Wall Street Journal, one of the most common ways for criminals to carry out these scams is to impersonate your company’s email domain. This is uniquely dangerous because the sender appears to be a trusted party by the receiver due to a recognized email address.

Traditional anti-phishing approaches such as SEGs can’t protect businesses from these attacks because there is nothing wrong with the content of the email itself, no malware or suspicious attachments. The only issue is that the sender isn’t actually who they say they are.

ValiMail recently stopped an impersonation scam for one of our customers in which a criminal posing as the CEO requested sensitive financial information from the CFO. Read the full blog post.

Our addition to the FBI’s recommendations for protection against these scams? Enforce DMARC on your domains. This will allow you to authorize legitimate senders and stop the fraudulent stuff from being delivered.

Check your domain status to see if you’re protected.