Be aware of Email Account Compromise scams

September 2015 - Email Account Compromise (EAC), also known as account hijacking, is a sophisticated scam that targets the general public and professionals associated with, but not limited to, financial and lending institutions, real estate companies, and law firms.

The EAC scam is very similar to the Business E-mail Compromise (BEC) scam, except that it targets individuals rather than businesses. According to the FBI, EAC scams were responsible for consumer losses of nearly $700, 000 in the three months between April 1 – June 30 from their inboxes being hijacked by cyber thieves.

What to Know:

  • Account Hijacking is a process through which an individual’s email account, computer account or any other account associated with a computing device or service is stolen or hijacked by a hacker.
  • It is a type of identity theft in which the hacker uses the stolen account information to carry out malicious or unauthorized activity by impersonating the account owner.
  • It is typically carried out through phishing, sending spoofed emails to the user, password guessing or a number of other hacking tactics.
  • In many cases, an email account is linked to a user’s various online services, such as social networks and financial accounts, which the hacker can use to retrieve the person's personal information, perform financial transactions, create new accounts, and ask the account owner's contacts for money or help with an illegitimate activity.
  • Learn more about Email Account Compromise in an alert recently published by the Internet Crime Complaint Center (IC3).

What to Do:

  • Do not click links or open any attachments in suspicious emails or social media channels.
  • If you believe you are a victim of the EAC scam, immediately contact law enforcement.
  • If you discover a fraudulent transfer on your KeyBank account, immediately contact the Fraud & Disputes Hotline at 800- 433-0124.
  • File a complaint at http://www.ic3.gov/complaint/default.aspx, regardless of dollar loss; provide any relevant information in your complaint and identify that your complaint pertains to the EAC scam.