FacebookTwitterLinkedIn

Business Email Compromise Scams Raked in $26 Billion

Karolis Liucveikis Written by on

In a recent public service announcement released by the Federal Bureau of Investigation’s Internet Crime Complaint Center (IC3) revealed the true extent and costs associated with Business Email Compromise (BEC) scams. IC3 in the announcement reported that there had been a 100% increase in BEC scams for the period of May 2018 to June 2019. BEC scams involve the spoofing of corporate email accounts known for conducting wire transfers across the globe to suppliers in different countries. Using numerous techniques, malware variants, and social engineering the scammers fraudulently wire funds, or in some cases convince employees to wire funds, to accounts under their control. These scams have seen increased rates of success as scammers often started impersonating CEOs and other positions of power to better trick employees.

In the announcement not only is the increase in such attacks given but the number of complaints received by the department. From June 2016 IC3 received 166,349 complaints both domestically and internationally. The department estimated that such scams have resulted in an estimated dollar loss of 26 billion. Importantly the scams do not only target large corporation but small and medium-sized businesses as well. A factor to be considered in the 100% increase is the increased awareness, both in the public and corporate spheres, of the scams. This increased awareness has attributed to more victims reporting complaints and opening cases. Such scams have been reported in 177 countries, along with funds been fraudulently sent from nearly 140 countries.

The data and statistics were compiled by IC3 along with data received by international and domestic law enforcement agencies across the globe. Along with law enforcement agencies, financial institutions also contributed data to create a better picture of the scams and the financial losses it causes.

bec scams raked 26 billion dollars

The announcement also defines other scams as BEC scams. IC3 also now classifies payroll diversion schemes that include an intrusion event with this type of fraud. This type of scam involves the attacker from gaining employee credentials via a phishing attack, then by using those credentials to change a victim’s banking details to ones controlled by the attacker. Salaries and wages are then paid to the attacker. The total loss recorded for such payroll diversion scams has amounted to over eight million USD, and a total of 1,053 complaints received since 2013. IC3 stated that,

“Payroll diversion schemes that include an intrusion event have been reported to the IC3 for several years. Only recently, however, have these schemes been directly connected to BEC actors through IC3 complaints.”

In defending against such attacks the IC3 advises the following precautionary measures:

  • Use secondary channels or two-factor authentication to verify requests for changes in account information.
  • Ensure the URL in emails is associated with the business it claims to be from.
  • Be alert to hyperlinks that may contain misspellings of the actual domain name.
  • Refrain from supplying login credentials or PII in response to any emails.
  • Monitor their personal financial accounts on a regular basis for irregularities, such as missing deposits.
  • Keep all software patches on and all systems updated.
  • Verify the email address used to send emails, especially when using a mobile or handheld device by ensuring the senders address email address appears to match who it is coming from.
  • Ensure the settings the employees’ computer are enabled to allow full email extensions to be viewed.

Not All Bad News

In conjunction with the announcement by IC3, the US Department of Justice issued a press release detailing the arrests of 281 people over a four-month period in relation to BEC scams. The arrests come as part of Operation reWired which was a coordinated effort between US law enforcement agencies as well as multiple law enforcement agencies from several countries. The Department of Justice (DoJ) summarised Operation reWired as,

“a significant coordinated effort to disrupt Business Email Compromise (BEC) schemes that are designed to intercept and hijack wire transfers from businesses and individuals, including many senior citizens.”

Further, according to Chief Don Fort of IRS Criminal Investigation,

“In unraveling this complex, nationwide identity theft and tax fraud scheme, we discovered that the conspirators stole more than 250,000 identities and filed more than 10,000 fraudulent tax returns, attempting to receive more than $91 million in refunds,”

The operation resulted in 167 arrests in Nigeria, 18 in Turkey, and 15 in Ghana, with several others also made in France, Italy, Japan, Kenya, Malaysia, and the UK. Added to this the operation led to the seizure of approximately 3.7 million USD. The losses were collected by BEC scammers after redirecting wire payments as part of fraud schemes that trick businesses and individuals into sending funds to attacker-controlled bank accounts, in what appears to be the run of the mill BEC scams described above.

While the arrests and wire transfers managed to be recalled and sent to the sending accounts is undoubtedly good news, the operation is good news for another reason. The operation, funded and coordinated by the FBI, can serve as a future blueprint for further operations which involve international cooperation. Following the successes of No More Ransom, it is hoped that further arrests will follow other operations looking to curb cybercrime. Further, the DoJ advises that if you believe you are a victim of a BEC scam you are encouraged to file a complaint with IC3, further they explain the work of IC3 as,

“The IC3 staff reviews complaints, looking for patterns or other indicators of significant criminal activity and refers to investigative packages of complaints to the appropriate law enforcement authorities in a particular city or region. The FBI provides a variety of resources relating to BEC through the IC3, which can be reached at www.ic3.gov.”

▼ Show Discussion

About the author:

Karolis Liucveikis

Karolis Liucveikis - experienced software engineer, passionate about behavioral analysis of malicious apps.

Author and general operator of PCrisk's "Removal Guides" section. Co-researcher working alongside Tomas to discover the latest threats and global trends in the cyber security world. Karolis has experience of over five years working in this branch. He attended KTU University and graduated with a degree in Software Development in 2017. Extremely passionate about technical aspects and behavior of various malicious applications. Contact Karolis Liucveikis.

PCrisk security portal is brought by a company RCS LT. Joined forces of security researchers help educate computer users about the latest online security threats. More information about the company RCS LT.

Our malware removal guides are free. However, if you want to support us you can send us a donation.

About PCrisk

PCrisk is a cyber security portal, informing Internet users about the latest digital threats. Our content is provided by security experts and professional malware researchers. Read more about us.

New Removal Guides
Malware activity

Global malware activity level today:

Medium threat activity

Increased attack rate of infections detected within the last 24 hours.

Virus and malware removal

This page provides information on how to avoid infections by malware or viruses and is useful if your system suffers from common spyware and malware attacks.

Learn about malware removal

Top Removal Guides
Latest News
Blog