Latest numbers show why BEC/EAC scams are here to stay
Extortion has become the second most often reported type of cybercrime, but BEC/EAC scams still reign supreme when it comes to monetary loss (or criminals’ earnings), the latest IC3 Internet Crime Report has revealed.
BEC/AEC scams are the most lucrative
In 2017, FBI’s Internet Crime Complaint Center (IC3) reported that the BEC/EAC complaints they dealt with (15,609) came with an approximate $676 million loss. In 2018, the BEC/EAC complaints were 20,373, but the losses reached nearly $1.3 billion.
One good news is that IC3’s Recovery Asset Team (RAT), which was established in February 2018 to streamline communication with financial institutions and assist FBI field offices with the recovery of funds for victims who made transfers to domestic accounts under fraudulent pretenses, has been rather successful. In the 1,061 incidents they got involved, they managed to recover 75 percent of the money that would have been lost.
“In September 2018, the IC3 RAT received a complaint filed by a BEC victim located in Colorado. The victim reported that they initiated a fraudulent wire transfer of $56,179.27 after receiving a spoofed email from a lending agent during a real estate transaction. The IC3 RAT, working in coordination with the Denver Field Office, contacted the victim’s bank and worked with the fraud department to freeze the funds. Because of the IC3 RAT’s communication with the bank, the victim was able to recover $54,000.00 of the funds, and purchase their new home,” the FBI shared its successes.
“In August 2018, the IC3 RAT received a complaint filed on behalf of a town located in New Jersey. The town was the victim of a BEC scam in which they transferred over $1M to a fraudulent account. The IC3 RAT, in coordination with the Newark Field Office, worked with the financial institution partners to successfully freeze the funds and return the money to the town.”
As in 2017, the most often reported crime type in 2018 was Non-Payment/Non-Delivery (goods and services are shipped, but payment is never rendered or payment is sent, but goods and services are never received).
Extortion came in second place, mainly due to a sextortion campaign in which victims received an email threatening to send a pornographic video of them or other compromising information to family, friends, coworkers, or social network contacts if a ransom was not paid. The rest of the crimes that fall under that category are DoS attacks, government impersonation schemes, loan schemes, high-profile data breaches, and hitman schemes (but not ransomware – that gets a category of its own).
In 2017, number of extortion-related complaints was 14,938. In 2018 it reached 51,146.
Other interesting revelations
The report also shows that:
- The number of registered complaints has risen slightly (301,580 in 2017, compared to 351,937 in 2018), but losses have exploded ($1.4 billion in 2017, compared to $2.7 billion in 2018)
- Tech support fraud continues to be a growing problem and the majority of victims are over 60 years of age.
- The number of ransomware complaints has fallen and ransomware losses are up by just $1.3 million
- When the US is excluded, India, the UK, Canada, Australia and Georgia top the list of countries by victim count. (For those who don’t know, the IC3 accepts complaints about Internet-facilitated criminal activity and forwards them to the appropriate law enforcement agencies – in and outside the US – to investigate. The only condition that has to be satisfied in order for a report to be cosidered is that either the victim or the alleged subject of the crime is located within the US.)