WIRED: "The Decade Big-Money Email Scams Took Over"

Excellent article in WIRED, where they observed that In the last few years, the "Nigerian prince" scams have gotten a major upgrade. Here is an extract and a link to the full article:

"For a long time cybercriminals believed that the money was within the masses," says Crane Hassold, senior director of threat research at the email security firm Agari and former digital behavior analyst for the Federal Bureau of Investigation. "But in fits and starts over the past decade and then especially beginning about five years ago you saw a pivot of the entire threat landscape—email scams, ransomware—making more money with targeting businesses than individuals. We’re certainly not at the peak of this wave right now. We are at a point of rapid evolution."

As spam filters improved and web users wised up, scammers found themselves hitting a plateau. So they did what any entrepreneur would: innovate and diversify.

Between June 2016 and July 2019 the FBI counted 166,349 BEC incidents in the US and abroad totaling more than $26 billion in losses. The Treasury Department’s Financial Crimes Enforcement Network estimates that BEC losses crossed $300 million per month with more than 1,100 incidents per month in 2018. And that just covers incidents that victims reported.

One catalyst of BEC growth is its reliance on the fundamentals of scamming, rather than requiring advanced hacking skills. Tricking someone into paying a fraudulent invoice over email isn't that different from charging people to play a rigged carnival game. Often, the most technical part of the scam for attackers involves using techniques like targeted spear phishing or credential stuffing to break into a company email account for legitimacy and to do recon on how to craft the most compelling scam.

Read the full article here