The FBI Updates Their Numbers And BEC Is Now A 26 Billion Dollar Scam



190910

The FBI's Internet Crime Complaint Center (IC3) says that Business Email Compromise (BEC) scams, aka CEO Fraud, are continuing to grow every year, with a 100% increase in the identified global exposed losses between May 2018 and July 2019.

Also, between June 2016 and July 2019, IC3 received victim complaints regarding 166,349 domestic and international incidents, with a total exposed dollar loss of over $26 billion. "One variation involves compromising legitimate business email accounts and requesting employees’ Personally Identifiable Information or Wage and Tax Statement (W-2) forms," adds IC3.

The scam behind losses worth billions

Although the number of BEC scams has grown, heightened awareness of this type of fraud scheme has also led to more reports from victims all over the world, which added to the increased exposed losses reported for the last twelve months.

BEC scams have been reported throughout all U.S. States and in 177 countries around the world according to IC3, with scam-related transfers having been sent to banks from roughly 140 countries.

While accounts at banks in China and Hong Kong were the recipients of the largest share of fraudulent transfers, the FBI has also observed "an increase of fraudulent transfers sent to the United Kingdom, Mexico, and Turkey."

Defensive measures against BEC scams

IC3 provides the following guidelines for employees containing both reactive measures and preventative strategies:

  • Use secondary channels or two-factor authentication to verify requests for changes in account information.
  • Ensure the URL in emails is associated with the business it claims to be from.
  • Be alert to hyperlinks that may contain misspellings of the actual domain name.
  • Refrain from supplying login credentials or PII in response to any emails.
  • Monitor their personal financial accounts on a regular basis for irregularities, such as missing deposits.
  • Keep all software patches on and all systems updated.
  • Verify the email address used to send emails, especially when using a mobile or handheld device, by ensuring the sender's email address appears to match who it is coming from.
  • Ensure the settings on the employees’ computers are enabled to allow full email extensions to be viewed.

In addition, to make sure that their employees do not fall victim to BEC attacks, companies have to implement strict vendor processes to check and authenticate payment info changes via multiple methods. And as always, many of the above bullets can be achieved by new-school security awareness training.

