FBI Reports Business Email Compromise (BEC) Scams Result in $5 Billion+ Losses Worldwide; How to Immediately Cut Your Risk

May 08, 2017
Ryan Kalember, senior vice president of Cybersecurity Strategy

Last week, the FBI issued a new report that business email compromise (BEC) losses have reached more than $5 billion worldwide, which is a significant jump from the FBI’s April and June 2016 reports which called out $2.3 billion and $3.1 billion in losses respectively.

According to the PSA, between October 2013 and December 2016, more than 40,000 BEC incidents occurred in worldwide. And just between “January 2015 and December 2016, there was a 2,370% increase in identified exposed losses.” This news supports our recent findings that BEC attacks increased by 45 percent in the last three months of 2016 vs. the prior three months.

In total, 75 percent of Proofpoint’s worldwide customer base experienced at least one BEC attack attempt in the last three months of 2016. One thing is clear. These scams are profitable for cybercriminals which means they will continue to innovate their techniques and work to fool victims worldwide.

BEC scams are unique email phishing cons because they don’t feature technical exploits—they simply rely on tricking and pursuing victims to take action, like wiring money or sending confidential data. By taking advantage of the digital trust that our global society relies on to function, cybercriminals have found that sending a well-crafted, engineered email to victims can be just as effective and cheaper than breaking into their network.

Last week’s PSA is also inline with our findings that there is no correlation between the size of the company and BEC attack volume. Companies of all sizes are targets because, while larger companies may yield a lower percentage “success” rate (due to greater controls), successes might provide greater average returns to criminals. While smaller companies may be more vulnerable, their lower budgets may make them less valuable targets. It’s important that companies with more complex supply chains be especially on the lookout as manufacturing, retail and technology organizations are generally more targeted with BEC attacks.

BEC attacks put every email relationship at risk. For more information on how to immediately begin to combat BEC attacks, check out our BEC Survival Guide: https://www.proofpoint.com/us/resources/white-papers/bec-survival-guide and visit our recommendation center: https://www.proofpoint.com/us/solutions/business-email-compromise.