BEC Scams Accounted For $1.7 Billion, Half Of Total Cybercrime Losses In 2019: FBI Report

  • IC3 received 13,633 Tech Support Fraud complaints from victims residing in 48 countries.
  • A total of 23,775 BEC scam victims accounted for $1.77 billion in losses.

The FBI's Internet Crime Complaint Center (IC3) released the 2019 Internet Crime Report, revealing estimated cybercrime losses of over $3.5 billion in the year 2019.

Highlights from the report

"Criminals are getting so sophisticated. It is getting harder and harder for victims to spot the red flags and tell the real from fake," said Donna Gregory, the Chief of IC3.

  • The FBI received a total of 467,361 cybercrime complaints which resulted in total individual and business losses of $3.5 billion last year.
  • Almost half the losses—an estimated $1.77 billion—came from the losses caused under BEC (Business Email Compromise), also known as EAC (Email Account Compromise) scams.
  • The most frequently reported complaints were phishing and similar ploys including non-payment or non-delivery scams, and extortion, as per the report.
  • Phishing, smishing, vishing together accounted for an average of $500 in losses per complaint, while ransomware attack complaints averaged at $4,400 in losses.
  • Further, IC3 received 13,633 Tech Support Fraud complaints from victims residing in 48 countries. These recorded a loss of over $54 million.

What happens in a BEC scam?

In a typical BEC scam, hackers either compromise or spoof or impersonate an email account of a legitimate person or company. Then they use this email account to send fake invoices or business contracts to targeted individuals. Such emails may also be sent to the employees in the same company, or upstream or downstream business partners.

  • Once trust is established with the potential target, hackers trick them into wiring money into the bank accounts under their control.
  • BEC scams are usually simple to execute and don't require advanced coding skills or complex malware payload dropping.

BEC in 2019

BEC scams remained the most damaging and effective type of cybercrime in 2019 as per the report.

  • As per the FBI report, 23,775 BEC victims accounted for $1.77 billion in losses, which comes to an average $75,000 per complaint.
  • Also, there was an increased number of BEC/EAC complaints related to the diversion of payroll funds as compared to the previous year.

Closing thoughts

Though there were many ransomware incidents reported in 2019, the year observed a decrease in the number of such complaints. However, there was a rise in the amount of losses caused by ransomware attacks in 2019.

Cyber experts around the world predict that both BEC and ransomware attacks may witness further rise in 2020, as there's hardly anything deterring cybercrime groups from launching new attack campaigns.