Fraudsters are continuing to have quite a bit of success with business email compromise scams. Last year, companies in the United States lost more than $360 million to these schemes, an increase of nearly 50 percent from 2015.
The FBI’s 2016 Internet Crime Report, which the bureau’s Internet Crime Complaint Center (IC3) released Thursday, includes a wealth of data on many forms of electronic crime, and this year’s statistics reflect a major increase in losses from BEC scams as well as ransomware and tech support scams.
BEC attacks have been making their way around the web for several years, and they can take many forms. The most common version involves an attacker sending targeted emails to employees in positions with control of a company’s money. Usually the attacker will have done research ahead of time and gathered information on the company’s structure, its partners, suppliers, and customers, and will craft the email to make it appear as if it came from the company’s CEO or CFO.
The messages often will order the recipient to transfer a large amount of money to a target account controlled by the attacker, usually on the pretext of some urgent transaction, such as an acquisition. Scammers will sometimes pretend to be from a legitimate customer or vendor of the target company, too. The losses from these schemes can be outrageous. A bank in Belgium lost $75 million in an email scam last year, and some U.S. businesses have been hit for several million dollars as well.
“BECs may not always be associated with a request for transfer of funds. In 2016, the scam evolved to include the compromise of legitimate business email accounts and requests for Personally Identifiable Information (PII) or Wage and Tax Statement (W-2) forms for employees. The BEC/EAC scam is linked to other forms of fraud, including but not limited to: romance, lottery, employment, and rental scams. The victims of these scams are usually U.S. based and may be recruited to illegally transfer money on behalf of others,” the FBI said in its report.
The bureau said it received more than 12,000 individual BEC complaints from companies reporting losses that totaled more than $360 million. In 2015, the losses were $246 million.
One of the other major issues the FBI focused on in its report is the tech support scam. The agency said it received more than 10,000 complaints from consumers about various fake tech support schemes, with losses adding up to almost $8 million. These scams prey on victims’ lack of technical knowledge, and the criminals behind them push victims into giving them access to their PCs on the pretense of fixing some non-existent problem.
“They’ll trick you into letting them into your computer,” said IC3 Unit Chief Donna Gregory. “You open the door and allow them in. You may think you’re just watching them install a program to get rid of a virus, but they are really doing a lot of damage behind the scenes.”