E-mail Account Compromise (EAC) is a sophisticated scam that targets individuals. Professionals at financial and lending institutions, real estate companies and law firms are particularly at risk.
How Does the EAC Scam Work?
Cyber criminals use social engineering or computer intrusion techniques to compromise e-mail accounts. In many cases, they first gain access to a legitimate e-mail address for reconnaissance purposes and then create a spoofed account. The spoofed account closely resembles the legitimate account but is slightly altered by adding, changing, or deleting a character, so that the difference is not readily apparent. The spoofed account is then used to initiate unauthorized wire transfers, and the funds are directed to money mules in the United States or to financial institutions outside the US. By compromising a firm's e-mail accounts, cyber criminals can use them to request wire transfers from clients' bank accounts. Criminals increasingly follow up on their wire transfer requests by calling to confirm the transactions or to comply with wire transfer protocols, which makes the transaction appear more legitimate.
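The single-character alteration described above can be screened for mechanically. The following is an added example, not part of the original advisory: it compares each sender against a list of trusted correspondents and holds any address that is one added, changed, or deleted character away from a trusted one. The function names, the trusted list, and all addresses are constructed for illustration.

```python
# Added example. All addresses are constructed; .example is a reserved TLD.
TRUSTED = {"j.smith@lawfirm.example", "closing@titleco.example"}

def edit_distance(a, b):
    """Levenshtein distance: minimum single-character adds, changes, deletes."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # delete ca
                           cur[j - 1] + 1,             # add cb
                           prev[j - 1] + (ca != cb)))  # change ca to cb
        prev = cur
    return prev[-1]

def classify_sender(sender, trusted=TRUSTED, max_edits=1):
    """Return ('trusted'|'lookalike'|'unknown', matched trusted address or None)."""
    s = sender.strip().lower()
    known = sorted(t.lower() for t in trusted)
    if s in known:
        return ("trusted", s)
    for t in known:
        # Length difference is a cheap lower bound on the edit distance.
        if abs(len(s) - len(t)) <= max_edits and edit_distance(s, t) <= max_edits:
            return ("lookalike", t)
    return ("unknown", None)

def flag_lookalikes(senders, trusted=TRUSTED):
    """Return (sender, imitated_address) pairs that should be held for review."""
    hits = []
    for s in senders:
        verdict, match = classify_sender(s, trusted)
        if verdict == "lookalike":
            hits.append((s, match))
    return hits

if __name__ == "__main__":
    inbox = [  # constructed sample senders
        "j.smith@lawfirm.example",    # exact match
        "j.smith@lawfirrm.example",   # character added
        "j.smith@lawf1rm.example",    # character changed
        "closing@titlco.example",     # character deleted
        "billing@vendor.example",     # unrelated sender
    ]
    for sender, imitated in flag_lookalikes(inbox):
        print(f"HOLD: {sender} imitates {imitated}")
```

Two swapped adjacent characters count as two edits under this metric, so they are only caught with max_edits=2, at the cost of more false matches between short addresses.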
The compromise of e-mail accounts in law firms can result in the exposure of client bank account numbers, e-mail addresses, signatures, and confidential information related to pending legal transactions. Compromised accounts can also be used to request wire transfers from trust fund and escrow accounts managed by the firm.
In the real estate industry, criminals intercept transactions between sellers and buyers and alter the fund transfer instructions. Realtors' addresses can be used to contact an escrow company and redirect commission proceeds to an alternate bank account, or to gain access to client information.
Steps to Take If You Are the Victim of the EAC Scam:
How to Protect Yourself: