The Federal Bureau of Investigation (FBI) found that business email compromise (BEC) scams cost victims a combined total of $26 billion in losses over a three-year period.
On 10 September, the FBI’s Internet Crime Complaint Center (IC3) published a public service announcement in which it revealed that BEC scams had caused $26,201,775,589 in global losses. Those damages occurred across 166,349 separate incidents reported to the FBI between June 2016 and July 2019. Investigators received these complaints from victims based in all 50 states and 177 countries.
That’s not all the FBI related in its alert. Additionally, the Bureau conveyed that it had detected a 100 percent increase in identified global exposed losses stemming from BEC scams between May 2018 and June 2019. The IC3 noted that growing awareness of these ruses was partly responsible for this increase.
Acknowledging these damages, it’s not surprising that the FBI has stepped up its efforts to bring BEC scammers to justice. Case in point, the Department of Justice announced that it had collaborated with the Department of Homeland Security, Department of the Treasury, Postal Inspection Service, Department of State and foreign law enforcement bodies to arrest 281 individuals who had previously perpetrated business email compromise attacks. Agents made arrests in 10 countries and seized nearly $3.7 million in monies stolen from victims.
Chief Postal Inspector Gary Barksdale said that this international effort reflects the growing reality of BEC scams. As quoted in a Department of Justice press release:
The consequences of this type of fraud scheme are far reaching, affecting not only people in the United States, but also across the world. This investigation is just another example of how effective law enforcement agencies can be when they join forces. By working together, we can keep our communities and our vulnerable populations safe from financial exploitation.
The FBI said in its PSA that organizations can protect themselves against BEC attacks by using secondary channels and/or multi-factor authentication to ensure changes to payment accounts. It also urged organizations to keep systems up-to-date and to keep an eye out for suspicious URLs in emails.