Email inboxes are being deluged with business email compromise (BEC) attacks, and legitimate companies are losing money because of them: more than $43 billion ($43,312,749,946) worldwide in the period between June 2016 and December 2021, the FBI said in a report on Thursday.
Typically, these email schemes target persons who are responsible for transfer of funds at companies. The scammers attempt to inveigle them into moving money over. And many do.
Bad actors typically compromise business or personal email accounts through social engineering or computer intrusion.
There were 241,206 domestic and international incidents between June 2016 and December 2021.
In the United States, 116,401 people and firms were victimized between October 2013 and December 2021, to the tune of $14,762,978,290, based on complaints to the Internet Crime Complaint Center (IC3).
In addition, there were 5,260 non-U.S. victims in this period and a total dollar loss of $1,277,131,099.
And the FBI saw a 65% increase in global losses between July 2019 and December 2021.
Meanwhile, cryptocurrency complaints reflected $40 million in losses in 2021. Crypto ripoffs hadn’t even been seen before 2018, but the FBI expects them to grow in the years to come.
Some scammers seek a direct transfer of crypto funds, mirroring the traditional patterns of BEC attacks. But some pursue “second hop transfers,” conducting extortion, tech support and romance scams.
Not all BEC attacks involve a transfer of funds: some seek personally identifiable information on employees, including tax W-2 forms and cryptocurrency wallets.
Banks in Thailand and Hong Kong were the primary locations for fraudulent funds. China, which had been in the top two for years, fell to second, followed by Mexico and Singapore.
The FBI advises companies to use secondary channels or two-factor authentication to verify requests for changes in account information.
Also, companies should verify that the URL in emails is associated with the business or individual it claims to be from.
Firms should also make sure that the settings on employees’ computers allow full email extensions to be viewed.
Overall, the BEC scam has been reported in all 50 U.S. states and 177 countries with over 140 nations receiving fraudulent transfers, the FBI reports.