‘Man-in-the-E-Mail’ Fraud Could Victimize Area Businesses

Three Seattle-Area Businesses Targeted in 2013

December 2, 2013

A so-called "man-in-the-e-mail" scam that's targeted at least three Seattle-area businesses reflects a growing trend in account takeover compromises.

Fraudsters intercepted legitimate e-mails between the businesses and their suppliers and then spoofed subsequent e-mails impersonating each company to the other, according to a Dec. 2 warning issued by the Federal Bureau of Investigation. Losses linked to the attacks have so far totaled approximately $1.65 million.

The affected businesses were fooled into thinking they were sending money to an established supply partner in China. But the money was actually being sent directly to bank accounts managed by the attackers, according to the FBI.

Tips from the FBI

The FBI is warning businesses as well as consumers to be wary of e-mails from unrecognized sources and take steps to double-check the source of origin. In some cases, the metadata on the spoofed e-mails in the Seattle-area incidents indicated that they actually originated in Nigeria or South Africa, the FBI notes.

Among the FBI's other top recommendations for avoiding falling victim to such schemes:

  • Use out-of-band verification, such as telephone calls, and second-factor authentication that does not rely on e-mail, for all monetary transactions;
  • Avoid free Web-based e-mail accounts, such as Gmail and Hotmail;
  • Use digital signatures;
  • Always forward business e-mails, rather than simply replying, to ensure e-mails are going to a legitimate address that is manually entered;
  • Never open spam; delete it immediately;
  • Beware of odd changes in business practices, such as a supplier suddenly asking that you contact a sales representative through her personal e-mail address.

Please see the FBI press release at Federal Bureau of Investigation.

To: Chief Executive Officer (also of interest to Security Officer)

Subject: Consumer Alert

Summary: E-mails fraudulently claiming to be from the FDIC are attempting to get recipients to click on a link, which may ask them to provide sensitive personal information. These e-mails falsely indicate that FDIC deposit insurance is suspended until the requested customer information is provided.

Distribution: FDIC-Supervised Banks (Commercial and Savings)

Note: Paper copies of FDIC Special Alerts may be obtained through the FDIC's Public Information Center, 877-275-3342 or 703-562-2200.

The Federal Deposit Insurance Corporation (FDIC) has received numerous reports from consumers who received an e-mail that has the appearance of being sent from the FDIC. The e-mail informs the recipient that "in cooperation with the Department of Homeland Security, federal, state and local governments…" the FDIC has withdrawn deposit insurance from the recipient's account "due to account activity that violates the Patriot Act." It further states deposit insurance will remain suspended until identity and account information can be verified using a system called "IDVerify." If consumers go to the link provided in the e-mail, it is suspected they will be asked for personal or confidential information, or malicious software may be loaded onto the recipient's computer.

This e-mail is fraudulent. It was not sent by the FDIC. It is an attempt to obtain personal information from consumers. Financial institutions and consumers should NOT access the link provided within the body of the e-mail and should NOT under any circumstances provide any personal information through this medium.

The FDIC is attempting to identify the source of the e-mails and disrupt the transmission. Until this is achieved, consumers are asked to report any similar attempts to obtain this information to the FDIC by sending information to

For your reference, FDIC Special Alerts may be accessed from the FDIC's website. To learn how to automatically receive FDIC Special Alerts through e-mail, please visit the FDIC's website.

Sandra L. Thompson, Director
FDIC: Division of Supervision and Consumer Protection