BEC Scam Losses Top $12 Billion: FBI
18.7.18 securityweek BigBrothers
The losses and potential losses reported as a result of business email compromise (BEC) and email account compromise (EAC) scams exceed $12 billion globally, according to an alert published last week by the FBI.
The report is based on data collected by the FBI’s Internet Crime Complaint Center (IC3), international law enforcement and financial institutions between October 2013 and May 18. The amounts represent both money that was actually lost by victims and money they could have lost had they taken the bait.
BEC scams, which involve sending requests for fund transfers and personally identifiable information from hijacked business email accounts, have been observed in 50 U.S. states and 150 countries, with money being sent to 115 countries.
The top destinations for money generated by BEC scams are Asian banks in China and Hong Kong, but a significant number of schemes involve financial organizations in the U.K., Mexico and Turkey.
According to the FBI, more than 78,000 complaints have been made globally between October 2013 and May 18, with over 41,000 victims reported in the United States. Targeted individuals and businesses lost or could have lost $12.5 billion, nearly $3 billion of which in the U.S. Losses increased by 136% between December 2016 and May 18.
The number of non-U.S. victims known to the FBI is 2,565, with losses totaling over $670 million.
In comparison, the FBI’s previous report on BEC scams, which covered the period between October 2013 and December 2016, said there had been 40,203 incidents globally with exposed losses totaling over $5.3 billion.
In its recent 2017 Internet Crime Report, the FBI said IC3 received over 15,000 BEC and EAC complaints last year, reporting losses of $675 million.
The law enforcement agency highlighted that the real estate sector continues to be increasingly targeted. Victims include law firms, title companies, real estate agents, sellers, and buyers.
In scams targeting this sector, the fraudsters use spoofed emails on behalf of real estate transaction participants and instruct recipients to transfer money into fraudulent accounts.
“Based on victim complaint data, BEC/EAC scams targeting the real estate sector are on the rise,” the FBI said. “From calendar year 2015 to calendar year 2017, there was over an 1100% rise in the number of BEC/EAC victims reporting the real estate transaction angle and an almost 2200% rise in the reported monetary loss. May 18 reported the highest number of BEC/EAC real estate victims since 2015, and September 2017 reported the highest victim loss.”
The topic of BEC scams and how the threat can be prevented using human-powered intelligence was covered recently in a SecurityWeek column by Josh Lefkowitz, CEO of business risk intelligence firm Flashpoint.
“BEC underscores why even the most technically sophisticated cyber defenses aren’t always a match for low-tech threats. Combating BEC requires more than just advanced technologies and robust perimeter security—it requires humans to understand the threat,” Lefkowitz said.