ATLANTA — The FBI is releasing a renewed call for vigilance among businesses that could easily be tricked into giving away millions.
And with personal information now available widely across the internet, criminals can legally get everything they need to concoct elaborate lies.
"Be careful what you post online," Agent Todd Renner said during a Tuesday press conference in Atlanta. "Be aware that your social media is going to be where they find out about you. Through your companies' websites, your job duties and descriptions about your out-of-office details."
With pieces of a target's life in their possession, Renner said scammers can easily create a request that most would believe is real. It's this researched approach that has led to thousands of business email and email account compromises across the U.S. costing billions of dollars.
In Georgia alone, 446 business email compromises were reported in 2018, costing roughly $98 million. The FBI managed to recover about $60 million, leaving the rest still in the hands of the criminals that stole it.
One of the companies who managed to recover their losses with the help of the FBI was Regal Lager, a Cobb County-based wholesaler. The people over the company are now joining the FBI in warning of how serious - and devastating - online scams can be.
"I don't want anyone else to have to deal with this," the company's vice president and co-owner, Luanne Whiting-Lager, said. "And it's happening - as you heard from the numbers - it's happening way too often, and all of us think that we're smart. We thought we were smart and we weren't. We got caught."
This particular scam involved an email from what appeared to be one of the business's vendors, and the emailer included an invoice for $216,000, which the business did, in fact, owe to the real vendor. The email included the wire information the business should use to send the money. When the business wired the money according to the instructions, the thieves received the money, not the legitimate vendor.
"They followed suit and did as they thought they were supposed to and wired the funds to another country altogether," Renner said.
It was a trick. The money never reached it's intended target. Instead, the company had just paid a criminal who did everything they could to sound legitimate. This happened on a Friday. It wasn't until Monday that Whiting-Lager said she and her coworkers realized something was wrong.
"That email that was sent to our director of finance was not from my husband," she said. "It was from somebody else trying to be my husband."
Whiting-Lager said they immediately called their bank and then the FBI. They'd just lost $216,000. Had it not been for the findings of the FBI, they would have had a serious problem.
"It would have been very serious. We're a small business ... this was a full container of highchairs that was coming from Europe for us," she said. "We would have lost a great deal of sales."
She said the hit to revenue would have been even greater.
"I've never been victimized before," she said. "We all felt taken, we all felt dirty somehow. Or, 'what have we done wrong?' It was not a good feeling at all."
Even with the FBI's help, it took roughly three weeks for them to get back the roughly quarter-million dollars.
Since then, Whiting-Lager said they implemented new safeguards to prevent the situation from repeating itself. But, they believe the scammers gained access to their email servers to find out what they owed to who.
That's why Agent Renner said employees should be aware and suspicious of anyone who is trying to rush a financial transaction online - even if they otherwise seem legitimate. He also said employees should do research before making that transfer or providing information.
"Pick up the phone," he said. "We want you to call your creditor to verify that the email's from them."
And for those who find they've been scammed, Renner said they should contact the FBI's Internet Crime Complaint Center - with one of the fastest methods being through IC3.org.