FBI: Business Email Compromise: The $43 Billion Scam

According to the FBI, business email compromise (BEC) and email account compromise (EAC) losses have surpassed $43 billion globally. BEC/EAC is a sophisticated scam that targets both businesses and individuals who perform legitimate transfer-of-funds requests.

STATISTICAL DATA

The BEC/EAC scam continues to grow and evolve, targeting everything from small local businesses to large corporations, as well as personal transactions. Between July 2019 and December 2021, there was a 65% increase in identified global exposed losses. "Exposed loss" means the combined dollar value of actual and attempted losses, expressed in United States dollars.

Derived from filings with financial institutions between June 2016 and December 2021:

Domestic and international incidents: 241,206
Domestic and international exposed dollar loss: $43,312,749,946

The following BEC/EAC statistics were reported in victim complaints to the IC3 between October 2013 and December 2021:

Total U.S. victims: 116,401
Total U.S. exposed dollar loss: $14,762,978,290
Total non-U.S. victims: 5,260
Total non-U.S. exposed dollar loss: $1,277,131,099

Expert Comments
John Gunn, CEO
May 6, 2022 8:39 pm

The losses are massive and growing, but these numbers don't reveal the full threat. Consider that very few companies will report an attack unless they suffer a significant loss, and you can see that the volume of attacks is likely an order of magnitude greater. The best defense remains a rock-solid multifactor authentication solution that eliminates the risks associated with compromised user credentials and stolen passwords. This prevents unauthorized access to email accounts and would prevent more than half of the successful attacks.

Dave Cundiff, Vice President
May 6, 2022 8:38 pm

Reading the FBI's report, it tends to hold true to expected trends given the attack visibility over the last couple of years. There has been some speculation of the pandemic creating a more target-rich environment, and while I believe this to be true in a number of cases, I believe the business email and email account compromises are simply more noticeable with the remote workforce.

Unpatched Exchange servers and exposure were still occurring pre-pandemic, and I would contend, given the frequency of patching, that they most likely are still occurring now. However, the phishing attacks and users unknowingly and freely giving up their passwords are the most likely culprit in these cases. A focus on user education and a move to at least some form of multifactor authentication is needed across the user space, both in a personal and a professional capacity. Far too many users will interconnect email and calendar services to make their lives more efficient, not realizing the risk they introduce.
