Unlike traditional email scams, which rely on spoofing a business email to trick respondents into sending money to a fraudulent account, wire-wire scammers grab a collection of email addresses from publicly available sources and then target them with malware. Once that target is infected, they are able to access to their email account(s) and begin identifying clients or suppliers that they have a relationship with.

The ring is then able to intercept any emails containing invoices, substitute the target’s details with their own and force the supplier to unwittingly credit the scammers’ account. The technique is a lot harder to trace because it happens behind closed doors, but there’s been enough of a rise in business email scams that the FBI has been forced to issue a warning.

Since February, the Secureworks team watched the scammers reroute transactions averaging between $30,000 and $60,000, mostly from small and medium-sized businesses that mainly conduct international deals. IEEE notes that in one case, thieves successfully rerouted a $400,000 payment from a US chemical company to its Indian supplier.

Often, neither company knows something is amiss until a delivery or payment is marked overdue. Stewart and Bettke even tried to tell some of the targets that they were being scammed but were mistaken for scammers themselves. That said, they were able to successfully notify Nigeria’s Economic and Financial Crimes Commission, which is now conducting at least one active investigation.