Definition[edit | edit source]
E-mail account compromise (EAC) is
|“||a sophisticated scam that targets the general public and professionals associated with, but not limited to, financial and lending institutions, real estate companies, and law firms.||”|
Overview[edit | edit source]
"In EAC scams, criminal actors use social engineering or computer intrusion techniques to compromise the e-mail accounts of unsuspecting victims. In many cases, a criminal actor first gains access to a victim's legitimate e-mail address for reconnaissance purposes. The criminal actor then creates a spoofed e-mail account that closely resembles the legitimate account, but is slightly altered by adding, changing, or deleting a character. The spoofed e-mail address is designed to mimic the legitimate e-mail in a way that is not readily apparent to the targeted individual. The criminal actor then uses either the victim's legitimate e-mail or the spoofed e-mail address to initiate unauthorized wire transfers.
"In some cases, the funds from unauthorized wire transfers are directed to money mules located in the United States. In other instances, wire transfers are directed to accounts of financial institutions outside of the United States. [C]riminal actors are starting to follow up on wire transfer requests by calling to confirm the transactions or to comply with wire transfer protocols, thus making the transaction appear more legitimate."