Business Email Compromise: The $43 Billion Scam


Reading time ( words)

Editor’s note: The FBI released this public service announcement, which was an update and companion piece to Business Email Compromise (PSA I-091019-PSA) posted on www.ic3.gov. This PSA includes new Internet Crime Complaint Center complaint information and updated statistics from October 2013 to December 2021.

Business email compromise/email account compromise (BEC/EAC) is a sophisticated scam that targets both businesses and individuals who perform legitimate transfer-of-funds requests.

The scam is frequently carried out when an individual compromises legitimate business or personal email accounts through social engineering or computer intrusion to conduct unauthorized transfers of funds.

FBI_Figure1-700.jpg

The scam is not always associated with a transfer-of-funds request. One variation involves compromising legitimate business email accounts and requesting employees’ Personally Identifiable Information, Wage and Tax Statement (W-2) forms, or even crypto currency wallets.

Statistical Data
The BEC/EAC scam continues to grow and evolve, targeting small local businesses to larger corporations, and personal transactions. Between July 2019 and December 2021, there was a 65% increase in identified global exposed losses, meaning the dollar loss that includes both actual and attempted loss in United States dollars. This increase can be partly attributed to the restrictions placed on normal business practices during the COVID-19 pandemic, which caused more workplaces and individuals to conduct routine business virtually.

FBI_Figure3-700.jpg

The BEC scam has been reported in all 50 states and 177 countries, with over 140 countries receiving fraudulent transfers. Based on the financial data reported to the IC3 for 2021, banks located in Thailand and Hong Kong were the primary international destinations of fraudulent funds. China, which ranked in the top two destinations in previous years, ranked third in 2021, followed by Mexico and Singapore.

To read this entire PSA, which appeared in the July issue of SMT007 Magazine, click here.

Share




Suggested Items

How Important Is Trust?

07/20/2022 | Randy Cherry, IPC
If you work for a U.S. defense prime contractor, do you have concerns that the controlled unclassified information (CUI) for your printed circuit boards, your printed circuit board assemblies, and your cable and wire harnesses is safe? What about the design and the development process for your products? Is the controlled technical information (CTI) safe and protected? Are the suppliers that your company selected maintaining a quality system, a supply chain risk management process, a security system to protect products and services from unauthorized access, and a Chain of Custody policy for electronic and physical materials?

Time to Get Serious About CMMC Readiness

07/13/2022 | I-Connect007 Editorial Team
Divyash Patel of MX2 Technology is a leading cybersecurity expert who’s sounding the alarm about getting your company into a state of readiness. But he’s not yelling fire in a theater. Whether it’s aligning with DoD’s CMMC, or just ensuring your company’s data and processes are protected, Divyash can see what’s coming. “This is a must-have compliance program,” he says. “It needs to be taken seriously and maintained.”

IPC APEX EXPO 2022: What to Expect Regarding COVID Restrictions

12/08/2021 | Alicia Balonek, IPC
As IPC is adhering to California Department of Public Health Guidelines, proof of COVID vaccination or a negative test will be required to attend IPC APEX EXPO 2022. IPC has partnered with InHouse Physicians (iHP) for attendees to upload their proof of vaccine or negative COVID test results in advance of arrival at IPC APEX EXPO. Once information is uploaded via the iHP link, a trained medical professional will review the information within 24 hours and provide an email confirmation with a green check mark indicating they’ve been cleared for entry.



Copyright © 2022 I-Connect007. All rights reserved.