BEC remains the most damaging threat, says FBI

Updated at: Oct 01, 2019
By Gatefy

BEC remains the most damaging threat, says FBI

According to the 2018 Internet Crime Report, gathered by the FBI, Business Email Compromise (BEC) and Email Account Compromise (EAC) attacks continue to be the most damaging, financially speaking. Losses from scams involving BEC and EAC nearly doubled from 2017 to 2018. They increased from USD 675 million to USD 1.2 billion.

“BEC/EAC is a sophisticated scam targeting both businesses and individuals performing wire transfer payments. The scam is frequently carried out when a subject compromises legitimate business email accounts through social engineering or computer intrusion techniques to conduct unauthorized transfers of funds”, says the report.

The FBI notes that one of the main difficulties in fighting BEC and EAC is precisely their evolution. Criminals are always looking for new ways to be more successful in their frauds. In addition, the agency says there has been an increase in the number of complaints involving the request to purchase gift cards.

Overall, the FBI reported about 960 complaints a day in 2018, resulting in a total of 351,936 complaints. The losses exceed USD 2.7 billion. In contrast, in 2017, 301,580 complaints resulted in USD 1.4 billion in losses. Most of the victims are people over the age of 50.

Payroll Diversion scam, extortion and tech support fraud

The FBI also points out that payroll diversion scam, tech support fraud and extortion continue to be a growing issue.

For payroll diversion scam, in 2018, losses are estimated at USD 100 million for only 100 reported cases. In this type of scam, cybercriminals use phishing emails to capture employees’ login credentials. After that, the credentials are used to access the employee’s payroll account and commit the fraud.

In extortion cases, 51,146 complaints were related with losses of over USD 83 million. Compared to 2017, that's a 242% increase in losses. “Extortion occurs when a criminal demands something of value from a victim by threatening physical or financial harm or the release of sensitive data”, says FBI.

Another type of crime that had a considerable increase in losses was technical support fraud, with 161% increase in losses from 2017. The FBI received 14,408 complaints with losses amounted to nearly USD 39 million in 2018. Tech support fraud happens when a scammer fools people with a fake technical support service.

The top five crime types

By victim count

Non-payment/non-delivery - 65,116
Extortion - 51,146
Personal data breach - 50,642
No lead value - 36,936
Phishing - 26,379

By victim loss

BEC/EAC - USD 1,297,803,489
Confidence fraud/romance - USD 362,500,761
Investment - USD 252,955,320
Non-payment/non-delivery - USD 183,826,809
Real estate/rental - USD 149,458,114