- Business Email Compromise (BEC) attacks have grown into a $43 billion industry, the FBI has warned, urging companies to be on their guard.
- According to FBI between July 2019 and December 2021, the number of identified global losses, due to business email scams, grew by almost two-thirds (65%).
A recent news article published in the Techradar states that business email attacks are now a multi-billion dollar industry.
Covid and crpytos
The figures are based on incidents that have been reported to the Internet Crime Complaint Center (IC3), and mean that BEC attacks are now more lucrative than the likes of the global tuna industry, or the global used-clothes industry.
The FBI somewhat attributes this growth in BEC scams to the Covid-19 pandemic and the lockdown, further stating that during that time, this type of fraud was reported in all 50 US states and 177 countries in total.
Further strengthening the thesis of BEC being a global problem, the FBI found that 140 countries received fraudulent transfers, with banks in Thailand and Hong Kong found to be the primary international destinations for funds coming from stolen endpoints, although Mexico, Singapore, and China, were also high up the list.
$43.3 billion were lost
All in all, $43.3 billion were lost between June 2016, and December 2021.
The FBI also looked at the role cryptocurrencies played in the rise of BEC scams, suggesting it widened the playing field for the crooks.
The IC3 tracked two iterations of crypto-oriented BEC scams – one where the victim would, unknowingly, send funds directly to a cryptocurrency exchange, and another one, called “second hop transfer” in which the attackers create accounts on crypto exchanges using personally identifiable information stolen from victims of other types of attacks (extortion, tech support, romance).
Crypto-oriented BEC scams
Only after the funds are sent to that account, do the crooks transfer them elsewhere.
Crypto-oriented BEC scams are getting more devastating, as well. Back in 2019, less than $5m in losses were reported.
Last year, it spiked to $40 million, with the FBI expecting the figure to grow even further in the future.
Most of the time, the attacks revolve around people being tricked into willingly sending funds, rather than deploying viruses on the victims’ devices
Did you subscribe to our daily Newsletter?
It’s Free! Click here to Subscribe
Source: Tech Radar
