Security Experts:

BEC Losses Surpassed $1.7 Billion in 2019: FBI

Both the frequency and costs associated with Internet crime have increased in 2019, with email compromise scams generating half of the incurred financial loss, according to the FBI.

Last year, the FBI’s Internet Crime Complaint Center (IC3) received 467,361 complaints of suspected Internet crime, with phishing/vishing/smishing/pharming, non-payment/non-delivery, extortion, and personal data breach being the most prevalent types of reported crime.

The reported losses exceeded $3.5 billion for 2019, and business email compromise (BEC) and email account compromise (EAC) were the top crime based on the amount of reported losses, at $1.7 billion, the IC3’s 2019 Internet Crime Report (PDF) reveals.

Both the overall number of complaints and the total reported financial losses went up compared to 2018, when IC3 received 351,937 complaints, for a total of $2.7 billion reported losses.

The total losses from reported Internet crime over the past five years (2015 – 2019) has surpassed $10.2 billion and the IC3 received a total of 1,707,618 complaints during this period, at an average of more than 340,000 complaints per year.

The IC3 received 23,775 BEC/EAC complaints last year and says both businesses and individuals were targeted, with cybercriminals attempting to trick victims into transferring funds to attacker-controlled accounts. Social engineering is used to compromise a legitimate email account and set up the scam.

Over the years, BEC/EAC scams evolved from spoofing email accounts to compromising both personal and vendor emails, and fraudulently requesting large amounts of gift cards. Last year, there was an increase in complaints related to the diversion of payroll funds, where the attackers attempt to deceive a company’s human resources or payroll department into updating an employee’s direct deposit details.

Last year, the IC3 received 13,633 complaints related to tech support fraud, with losses surpassing $54 million, marking a 40 percent increase compared to the losses registered in 2018. Victims were located in 48 countries and most of them were over 60 years of age.

The IC3 received 2,047 complaints related to ransomware, with adjusted losses of over $8.9 million. The FBI advises ransomware victims to not pay the ransom, as that does not guarantee regaining access to the data.

The elderly were targeted by fraudsters the most, with 68,013 complaints received in 2019 from victims over the age of 60 and reported losses exceeding $835 million.

The IC3 received 50,608 complaints from individuals aged 50 – 59 ($589.6 million in losses), 51,864 complaints from people aged 40 – 49 ($529 million in losses), 52,820 complaints from victims aged 30 – 39 ($332 million in losses), 44,496 complaints from individuals aged 20 – 29 ($174.6 million in losses), and 10,724 complaints from victims under the age of 20 ($421 million in losses).

Following the United States, for which the agency received nearly 350,000 complaints, the most targeted countries were the United Kingdom, with 93,796 complaints, Canada with 3,721, and India, with 2,901 complaints.

“Criminals are getting so sophisticated, it is getting harder and harder for victims to spot the red flags and tell real from fake,” Donna Gregory, the chief of IC3, said. “You may get a text message that appears to be your bank asking you to verify information on your account. Or you may even search a service online and inadvertently end up on a fraudulent site that gathers your bank or credit card information.”

“In the same way your bank and online accounts have started to require two-factor authentication—apply that to your life. Verify requests in person or by phone, double check web and email addresses, and don’t follow the links provided in any messages,” Gregory said.

Related: BEC Fraud Losses Grew to $1.3 Billion in 2018: FBI

Related: Loss to BEC Fraud Now Claimed to be $26 Billion

view counter