FBI report: Business Email Compromise caused up to $26 billion in economic losses for global organizations
The US Internet Crime Complaint Center (IC3) estimates that in the past three years, Business Email Compromise/Email Account Compromise (BEC/EAC) has caused up to $26 billion in economic losses for global organizations. The $26 billion in losses include actual economic losses and losses caused by attempted BEC fraud. Statistics show that between June 2016 and July 2019, IC3 received 166,349 domestic and international incidents about victims of BEC fraud. According to the FBI, the targets of BEC fraud include small, medium and large enterprise organizations.
“Phishing warning”by Christiaan Colen is licensed under CC BY-SA 2.0
Just last July, the US Federal Bureau of Investigation issued a report stating that commercial e-mail attack (BEC) fraud has caused global losses and potential losses of more than $12 billion. This report is based on data from the Internet Crime Complaint Center (IC3), international law enforcement agencies, and financial institutions collected from October 2013 to May 2018. In addition, the agency estimates that the BEC losses in the United States alone in 2010 were as high as $1.3 billion.
The FBI noted that BEC fraud has been reported in all 50 states and 177 countries around the world, and banks in about 140 countries have received fraud-related transfers. Although bank accounts from mainland China and Hong Kong are the biggest beneficiaries of fraudulent transfers, the FBI has noted that fraudulent transfers to the UK, Mexico, and Turkey are on the rise. Based on the number of US victims received between October 2013 and July 2019 (69,384), IC3 found that the total loss of US victims has reached $10.1 billion.
The FBI recommends that employees use two-factor authentication to verify requests for account information changes and phishing awareness training to help them understand phishing URLs. FBI also recommends that employees regularly check their personal finance accounts to see lost payments. In addition, administrators should ensure that the system is up to date and patched.