The latest data from the FBI’s Internet Crime Complaint Center (IC3) ups the estimate for the cost of losses and exposure through business email compromise (BEC) attacks from 2013 through 2023.
The latest IC3 advisory, entitled “Business Email Compromise: The $50 Billion Scam,” reports a 17% increase in losses from BEC attacks in 2022. This aligns with other data we’ve seen – specifically, BEC attack volume (both successful and unsuccessful attacks) increasing by 178%.
According to the IC3 advisory, BEC is being experienced throughout the globe, “…reported in all 50 states and 177 countries, with over 140 countries receiving fraudulent transfers.” In total, the IC3 estimates the global exposed losses (meaning the potential loss of all reported attacks) since 2013 to now be hovering at $50.8 billion. This is up from their estimate of $43 billion in May of last year.
BEC attacks are relatively simple to execute, often requiring little more than the most basic of impersonation, a little due diligence around who within the victim organization to target, and a realistic-looking invoice from the company being impersonated – as in the case of a BEC attack on the City of Fresno, CA last year.
It’s critical that employees who are involved with the organization’s finances in any way are required to take security awareness training regularly as part of their role to instill a sense of vigilance – a sort of “guilty until proven innocent” mentality when it comes to any communication involving payments, regardless of whether the communication seemingly comes from within the organization or from the outside.