Business Email Compromise: The $43 Billion Scam

Reading time ( words)

Editor’s note: The FBI released this public service announcement, which was an update and companion piece to Business Email Compromise (PSA I-091019-PSA) posted on www.ic3.gov. This PSA includes new Internet Crime Complaint Center complaint information and updated statistics from October 2013 to December 2021.

Business email compromise/email account compromise (BEC/EAC) is a sophisticated scam that targets both businesses and individuals who perform legitimate transfer-of-funds requests.

The scam is frequently carried out when an individual compromises legitimate business or personal email accounts through social engineering or computer intrusion to conduct unauthorized transfers of funds.

The scam is not always associated with a transfer-of-funds request. One variation involves compromising legitimate business email accounts and requesting employees’ Personally Identifiable Information, Wage and Tax Statement (W-2) forms, or even crypto currency wallets.

Statistical Data
The BEC/EAC scam continues to grow and evolve, targeting small local businesses to larger corporations, and personal transactions. Between July 2019 and December 2021, there was a 65% increase in identified global exposed losses, meaning the dollar loss that includes both actual and attempted loss in United States dollars. This increase can be partly attributed to the restrictions placed on normal business practices during the COVID-19 pandemic, which caused more workplaces and individuals to conduct routine business virtually.

The BEC scam has been reported in all 50 states and 177 countries, with over 140 countries receiving fraudulent transfers. Based on the financial data reported to the IC3 for 2021, banks located in Thailand and Hong Kong were the primary international destinations of fraudulent funds. China, which ranked in the top two destinations in previous years, ranked third in 2021, followed by Mexico and Singapore.

To read this entire PSA, which appeared in the July issue of SMT007 Magazine, click here.

12/14/2022 | Nolan Johnson, I-Connect007

In the midst of electronica, which included the co-hosted SEMICON show, Nolan Johnson speaks with Koh Young’a Harald Eppinger about the convergence of capabilities in the IC and PCB lines at Koh Young. In addition, Eppinger points out that while there are similarities between the global regions of production, there also are unique requirements.

10/26/2022 | Nolan Johnson, I-Connect007

It’s not just automotive and medical devices for which capital equipment manufacturers like BTU International are finding a market. It’s also not just domestic. Bob Bouchard says his company has seen an uptick in sales after the pandemic into more “purpose-built” equipment with sophisticated requirements and very tight process control. It’s meant an increase in sales staff as well. It’s encouraging news ahead of BTU International’s exhibit at SMTA International next week.

08/16/2022 | Divyash Patel, MX2 Technology

If you influence IT decisions at your workplace, you need to hear this. If you make the decisions, you need to listen, not just hear: Unless you start acting on CMMC compliance now, you are putting yourself at a disadvantage—one that will take much more time to correct than you might expect. Think of me as a spokesperson for the industry I represent: we are concerned about you. From what I’ve heard and seen over the last few months, too many of you are listening to suppliers, upstream and downstream partners, or other business owners on how seriously to take CMMC. As a result, far too much wishful thinking is guiding decision-making. So, listen to the experts.