FBI: Losses from Business E-mail Scams Up 2,370 Percent

The FBI released new data surrounding the agency’s tracking of business e-mail compromise scams (BEC).

Since January 2015, the “identified, exposed losses” have risen to $5.3 billion, which is a 2,370 percent increase, according to the FBI’s Internet Crime Complaint Center (IC3).

BEC scams are simple but effective deception schemes that target businesses with international offices, or those that regularly use wire transfers to move funds. “The scam has evolved to include the compromising of legitimate business e-mail accounts and requesting Personally Identifiable Information (PII) or Wage and Tax Statement (W-2) forms for employees, and may not always be associated with a request for transfer of funds,” according to the IC3 report.

The bureau also outlined the scope of attack methods and tracking of fund transfers. In all, IC3 documented 40,203 victims of BEC scams, nearly 23,000 of which are U.S. victims. These span 131 individual countries, including all 50 U.S. states.

U.S. companies alone have experienced losses of about $1.6 billion. The FBI also notes that the bureau has seen criminals transferring fraudulent funds to 79 different countries, with the majority going to Asian banks within China and Hong Kong.

“BEC is a serious threat on a global scale,” said Special Agent Martin Licciardo at the FBI’s Washington field office. “And the criminal organizations that perpetrate these frauds are continually honing their techniques to exploit unsuspecting victims.”

The IC3 advisement notes that it is currently not known how scammers choose their victims, but that it is clear they do their homework before launching a BEC scam.

There are five common scenarios in which criminals target companies to defraud them of funds or private data:

• Businesses that work with foreign suppliers
• An imposter posing as a business executive requesting a wire transfer
• Requests for funds transfers through a compromised e-mail account
• Imposters posing as legal professionals needing a wire transfer on a time crunch
• And fraudsters using compromised e-mails to request W-2 forms or other PII

The FBI also noted a 480 percent increase in complaints from real estate title holders. Fraudsters are tracking the proceedings of real estate deals and timing a request to change payment methods based with deal closing periods.

In terms of prevention and protection, the IC3 report says that the companies and organization with better education and understanding of how BEC attacks work are much less likely to fall victim to one.

A form of two-factor verification for wire transfers can also help prevent company accounting departments from falling victim to fraudulent requests via e-mail. This can be as easy as verifying the transfer details via the phone.

Visit the IC3 report for more prevention suggestions.