Business email compromise (BEC) scams have raked in $3.1 billion in the U.S. since 2016, pulling in $750.3 million in the first five months of this year alone, according to "Is That Email Really From 'The Boss?'", a new report from the Better Business Bureau.
The study, quoting figures compiled by the Financial Crimes Enforcement Network (FinCEN), notes that $1.3 billion was lost to BEC scams last year, up from $360.5 million in 2016. And bad actors attempted to trick companies out of another $23 billion.
A wave of prosecutions has slowed some — but not all — of the activity.
The U.S. isn’t alone. BEC losses topped $60 million last year in Australia, a 170% increase over 2017. And Canadian businesses have lost $9 million from January to May of this year, versus $6 million in all of 2018.
In addition, the FBI reports that BEC attacks result in greater losses than any other kind of fraud. And last year, 80% of businesses received at least one BEC email.
This form of fraud has tripled over the last three years, leaping by 50% in the first three months of 2019, according to figures released by Symantec, the BBB adds.
One can only conclude that most of the losses stem from employee carelessness or gullibility.
Losses are 10 times more likely to occur if the recipient opens a malicious email, the BBB states.
Increasingly, BEC emails pretend to be from a person’s boss. KnowBe4 has documented the following subject lines. (We follow their capitalization):
Most people will open such emails when they appear to come from a senior executive. And the BBB notes that some BEC emails “really do come from the superior’s email account.”
BEC scam artists also carefully time their attacks — for example, around holidays, when more temporary employees are on board and top executives are out of the office.
According to the report, the FBI recognizes at least six kinds of attack (and we quote):
From a technical standpoint, the BBB advises companies to:
Companies also should change their internal cultures: