This article is from the source 'bbc' and was first published or seen on . It last changed over 40 days ago and won't be checked again for changes.
You can find the current article at its original source at http://www.bbc.co.uk/news/technology-34570713
The article has changed 3 times.
Version 0 | Version 1 |
---|---|
'Whale' finance fraud hits businesses | 'Whale' finance fraud hits businesses |
(about 1 hour later) | |
Cyber-thieves are stealing millions of pounds, with a scam based around faking email messages from company bosses. | Cyber-thieves are stealing millions of pounds, with a scam based around faking email messages from company bosses. |
The spoofed messages ask finance staff to rush through a payment to a supplier that the chief executive cannot handle because they are out of the office. | The spoofed messages ask finance staff to rush through a payment to a supplier that the chief executive cannot handle because they are out of the office. |
Experts have dubbed this "whaling" fraud because it targets "one big fish" as opposed to phishing, which tends to be aimed at lots of smaller fry. | Experts have dubbed this "whaling" fraud because it targets "one big fish" as opposed to phishing, which tends to be aimed at lots of smaller fry. |
US tech company Ubiquiti Networks said it had lost $47m (£30m) to this scam. | US tech company Ubiquiti Networks said it had lost $47m (£30m) to this scam. |
"The focused attacks by criminals are increasing because they have realised they can make a bigger pay-off than they can from many thousands of smaller attacks," BAE head of threat intelligence Adrian Nish said. | "The focused attacks by criminals are increasing because they have realised they can make a bigger pay-off than they can from many thousands of smaller attacks," BAE head of threat intelligence Adrian Nish said. |
He said the emails came from web addresses almost identical to that of the target company, often when senior executives were known to be away from the office. | He said the emails came from web addresses almost identical to that of the target company, often when senior executives were known to be away from the office. |
Bad guys | Bad guys |
One security company, Centrify, only avoided falling victim to the scam when one of the finance staff happened to bump into a senior manager named in the fake email and mentioned to them that a wire transfer was being prepared. | One security company, Centrify, only avoided falling victim to the scam when one of the finance staff happened to bump into a senior manager named in the fake email and mentioned to them that a wire transfer was being prepared. |
The scammers had continued to badger the finance department to transfer the money even as the attempted fraud was being reported to the FBI, head of security Tom Kemp said. | The scammers had continued to badger the finance department to transfer the money even as the attempted fraud was being reported to the FBI, head of security Tom Kemp said. |
"We were getting regularly getting targeted by these kinds of attacks," he added. | "We were getting regularly getting targeted by these kinds of attacks," he added. |
This week, the UK's NCC Group said it too was targeted by "whaling" fraud. In a blogpost, the company said emails had been sent by a gang that had registered the nccgrroup.com domain, which has one more "r" in it than the company's actual domain. | |
The email went to a senior member of the company's finance team asking them to oversee a payment for a "professional service expense". | |
Ollie Whitehouse from the NCC Group said it was an "agile and potentially viable" attack that was caught by the firm's internal controls. | |
Ben Johnson, chief security strategist at Bit 9, said the scams were widespread and the gangs behind them targeted both large and small companies. | Ben Johnson, chief security strategist at Bit 9, said the scams were widespread and the gangs behind them targeted both large and small companies. |
"It's becoming a big problem," he said, "especially for small companies that do not have the bodies to look into all the emails. | "It's becoming a big problem," he said, "especially for small companies that do not have the bodies to look into all the emails. |
"The bad guys might only be after $100,000, but for a smaller company that's a lot of money." | "The bad guys might only be after $100,000, but for a smaller company that's a lot of money." |