The FBI’s Internet Crime Complaint Center (IC3) has released an alarming update on Business Email Compromise (BEC) scams, revealing that these schemes have now led to over $55 billion in reported losses worldwide between October 2013 and December 2023. This marks a significant rise in BEC-related crimes, which continue to target businesses and individuals by manipulating email systems to facilitate unauthorized financial transactions.
The IC3 report highlights a 9% increase in global losses from BEC scams between December 2022 and December 2023, with new tactics emerging, such as routing stolen funds through custodial and third-party payment processors, peer-to-peer platforms, and cryptocurrency exchanges. These advancements in criminal methods have enabled fraudsters to compromise legitimate business and personal email accounts more effectively, perpetuating a scam that targets a wide range of industries and sectors.
Expanding scope and impact
The IC3 reports that BEC scams affect all 50 U.S. states and 186 countries, underscoring the global reach of this sophisticated crime. Fraudsters have funneled money into bank accounts around the world, with the United Kingdom, Hong Kong, China, Mexico, and the UAE serving as common intermediary stops for stolen funds. In total, U.S. victims have reported more than $20 billion in financial losses, while non-U.S. victims have lost over $1.6 billion.
Since BEC scams began to proliferate, a staggering 305,033 incidents have been documented globally. Nearly 160,000 of these involved U.S.-based businesses and individuals, making the U.S. a primary target for these schemes. While the financial toll has been immense, the true extent of damage likely surpasses reported figures, as many incidents remain unreported or unresolved.
How BEC scams work
Business Email Compromise typically involves criminals hacking or socially engineering email accounts belonging to businesses or individuals who regularly handle financial transfers. Attackers use these compromised accounts to send fraudulent payment requests, often masquerading as legitimate business communications. In some cases, BEC scams extend beyond financial theft, as attackers seek personal information like Social Security numbers to carry out additional crimes.
BEC schemes have evolved over the years, with attackers now utilizing complex strategies to manipulate payment processes. They increasingly target third-party payment platforms, as well as cryptocurrency exchanges, making stolen funds harder to trace and recover. In response to this escalation, the FBI urges businesses and individuals to adopt stronger security measures to safeguard against such threats.
Prevention strategies
The FBI emphasizes the need for rapid action when detecting a fraudulent transfer. Victims should immediately contact their financial institution to attempt to recall the funds and file a complaint with the IC3. This can assist law enforcement in freezing assets before they are moved beyond reach. To protect against BEC attacks, the FBI provides the following key recommendations:
- Implement two-factor authentication and secondary communication channels to verify any changes in account information.
- Use unique, strong passwords for each online service and update them regularly.
- Scrutinize the URLs in emails to ensure they match the claimed sender.
- Watch for misspelled hyperlinks and suspicious domain names.
- Never provide login credentials or personal information via email.
- Regularly monitor financial accounts for unusual activity.
Leave a Reply