Business email compromise (BEC) and email account compromise (EAC) scams are still the most lucrative schemes for cybercriminals: the FBI’s Internet Crime Complaint Center (IC3) has calculated that, in 2019, the average monetary loss per BEC/EAC scam complaint reached $75,000.
BEC scams in 2019
During the past year, the IC3 received a total of 467,361 cybercrime complaints with reported losses exceeding $3.5 billion, and $1.77 billion of those are the result of BEC/EAC.
For comparison, BEC/EAC-associated losses were $1.3 billion in 2018, $676 million in 2017 and $360 million in 2016 (with a $30,000 average monetary loss per complaint).
The IC3 also observed an increase in the number of BEC/EAC complaints related to the diversion of payroll funds.
Some victims can get their money back, though: IC3’s Recovery Asset Team (RAT), which was established to streamline communication with financial institutions and assist FBI field offices, gets involved if the victims made transfers to domestic accounts under fraudulent pretenses.
In 2019, they recovered $305 million of the $384 million lost in 1,307 such incidents, by reacting quickly and requesting banks to freeze the accounts involved. In some cases, they even managed to identify the scammer.
“In February 2019, the IC3 RAT received a complaint involving a BEC incident for $138,000, where the victim received a spoofed email and wired funds to a fraudulent bank account in Florida. The RAT took quick action and worked with key financial partners to freeze the funds,” the IC3 shared.
“When the perpetrator attempted to withdraw funds, the RAT’s collaboration with financial partners enabled the bank employee to request the perpetrator provide documents to support the receipt of the wire. When the account holder was unable to provide legitimate documentation, the bank alerted local law enforcement and as a result, the account holder was arrested by the Fort Lauderdale Police Department.”
Other interesting findings
The most prevalent crime types reported in 2019 were Phishing/Vishing/Smishing/Pharming, Non-Payment/Non-Delivery, Extortion, and Personal Data Breach:
Elder fraud is also a big problem.
“Victims over the age of 60 may encounter scams including Advance Fee Schemes, Investment Fraud Schemes, Romance Scams, Tech Support Scams, Grandparent Scams, Government Impersonation Scams, Sweepstakes/Charity/Lottery Scams, Home Repair Scams, TV/Radio Scams, and Family/Caregiver Scams. If the perpetrators are successful after initial contact, they will often continue to victimize these individuals,” the IC3 explained.
One of the reasons scammers like to target the elderly is because they are believed to have significant financial resources.
And despite ransomware grabbing many news headlines in the last year, the IC3 has received “just” 2,047 complaints about it, with adjusted losses of over $8.9 million.
It’s likely that many victims choose not to involve the FBI when hit by ransomware, but the IC3 urges them to come forward whether they intend to pay the ransom or not.
“While the FBI does not support paying a ransom, there is an understanding that when businesses are faced with an inability to function, executives will evaluate all options to protect their shareholders, employees, and customers. The decision to pay the ransom should not dissuade someone from contacting the FBI,” they noted.