Business Email Attacks Turn Into A Billion Dollar Industry


  • Business Email Compromise (BEC) attacks have grown into a $43 billion industry, the FBI has warned, urging companies to be on their guard.
  • According to FBI between July 2019 and December 2021, the number of identified global losses, due to business email scams, grew by almost two-thirds (65%).

A recent news article published in the Techradar states that business email attacks are now a multi-billion dollar industry.

Covid and crpytos

The figures are based on incidents that have been reported to the Internet Crime Complaint Center (IC3), and mean that BEC attacks are now more lucrative than the likes of the global tuna industry, or the global used-clothes industry.

The FBI somewhat attributes this growth in BEC scams to the Covid-19 pandemic and the lockdown, further stating that during that time, this type of fraud was reported in all 50 US states and 177 countries in total.

Further strengthening the thesis of BEC being a global problem, the FBI found that 140 countries received fraudulent transfers, with banks in Thailand and Hong Kong found to be the primary international destinations for funds coming from stolen endpoints, although Mexico, Singapore, and China, were also high up the list.

$43.3 billion were lost

All in all, $43.3 billion were lost between June 2016, and December 2021.

The FBI also looked at the role cryptocurrencies played in the rise of BEC scams, suggesting it widened the playing field for the crooks.

The IC3 tracked two iterations of crypto-oriented BEC scams – one where the victim would, unknowingly, send funds directly to a cryptocurrency exchange, and another one, called “second hop transfer” in which the attackers create accounts on crypto exchanges using personally identifiable information stolen from victims of other types of attacks (extortion, tech support, romance).

Crypto-oriented BEC scams

Only after the funds are sent to that account, do the crooks transfer them elsewhere.

Crypto-oriented BEC scams are getting more devastating, as well. Back in 2019, less than $5m in losses were reported.

Last year, it spiked to $40 million, with the FBI expecting the figure to grow even further in the future.

Most of the time, the attacks revolve around people being tricked into willingly sending funds, rather than deploying viruses on the victims’ devices

Did you subscribe to our daily Newsletter?

It’s Free! Click here to Subscribe

Source: Tech Radar


This site uses Akismet to reduce spam. Learn how your comment data is processed.