Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Cybercrime

BEC Losses Surpassed $1.7 Billion in 2019: FBI

Both the frequency and costs associated with Internet crime have increased in 2019, with email compromise scams generating half of the incurred financial loss, according to the FBI.

Both the frequency and costs associated with Internet crime have increased in 2019, with email compromise scams generating half of the incurred financial loss, according to the FBI.

Last year, the FBI’s Internet Crime Complaint Center (IC3) received 467,361 complaints of suspected Internet crime, with phishing/vishing/smishing/pharming, non-payment/non-delivery, extortion, and personal data breach being the most prevalent types of reported crime.

The reported losses exceeded $3.5 billion for 2019, and business email compromise (BEC) and email account compromise (EAC) were the top crime based on the amount of reported losses, at $1.7 billion, the IC3’s 2019 Internet Crime Report (PDF) reveals.

Both the overall number of complaints and the total reported financial losses went up compared to 2018, when IC3 received 351,937 complaints, for a total of $2.7 billion reported losses.

The total losses from reported Internet crime over the past five years (2015 – 2019) has surpassed $10.2 billion and the IC3 received a total of 1,707,618 complaints during this period, at an average of more than 340,000 complaints per year.

The IC3 received 23,775 BEC/EAC complaints last year and says both businesses and individuals were targeted, with cybercriminals attempting to trick victims into transferring funds to attacker-controlled accounts. Social engineering is used to compromise a legitimate email account and set up the scam.

Over the years, BEC/EAC scams evolved from spoofing email accounts to compromising both personal and vendor emails, and fraudulently requesting large amounts of gift cards. Last year, there was an increase in complaints related to the diversion of payroll funds, where the attackers attempt to deceive a company’s human resources or payroll department into updating an employee’s direct deposit details.

Last year, the IC3 received 13,633 complaints related to tech support fraud, with losses surpassing $54 million, marking a 40 percent increase compared to the losses registered in 2018. Victims were located in 48 countries and most of them were over 60 years of age.

Advertisement. Scroll to continue reading.

The IC3 received 2,047 complaints related to ransomware, with adjusted losses of over $8.9 million. The FBI advises ransomware victims to not pay the ransom, as that does not guarantee regaining access to the data.

The elderly were targeted by fraudsters the most, with 68,013 complaints received in 2019 from victims over the age of 60 and reported losses exceeding $835 million.

The IC3 received 50,608 complaints from individuals aged 50 – 59 ($589.6 million in losses), 51,864 complaints from people aged 40 – 49 ($529 million in losses), 52,820 complaints from victims aged 30 – 39 ($332 million in losses), 44,496 complaints from individuals aged 20 – 29 ($174.6 million in losses), and 10,724 complaints from victims under the age of 20 ($421 million in losses).

Following the United States, for which the agency received nearly 350,000 complaints, the most targeted countries were the United Kingdom, with 93,796 complaints, Canada with 3,721, and India, with 2,901 complaints.

“Criminals are getting so sophisticated, it is getting harder and harder for victims to spot the red flags and tell real from fake,” Donna Gregory, the chief of IC3, said. “You may get a text message that appears to be your bank asking you to verify information on your account. Or you may even search a service online and inadvertently end up on a fraudulent site that gathers your bank or credit card information.”

“In the same way your bank and online accounts have started to require two-factor authentication—apply that to your life. Verify requests in person or by phone, double check web and email addresses, and don’t follow the links provided in any messages,” Gregory said.

Related: BEC Fraud Losses Grew to $1.3 Billion in 2018: FBI

Related: Loss to BEC Fraud Now Claimed to be $26 Billion

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join the session as we discuss the challenges and best practices for cybersecurity leaders managing cloud identities.

Register

SecurityWeek’s Ransomware Resilience and Recovery Summit helps businesses to plan, prepare, and recover from a ransomware incident.

Register

Expert Insights

Related Content

Cybercrime

The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.

Cybercrime

A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...

Cybercrime

As it evolves, web3 will contain and increase all the security issues of web2 – and perhaps add a few more.

Cybercrime

Luxury retailer Neiman Marcus Group informed some customers last week that their online accounts had been breached by hackers.

Cybercrime

Zendesk is informing customers about a data breach that started with an SMS phishing campaign targeting the company’s employees.

Cybercrime

Patch Tuesday: Microsoft calls attention to a series of zero-day remote code execution attacks hitting its Office productivity suite.

Artificial Intelligence

The release of OpenAI’s ChatGPT in late 2022 has demonstrated the potential of AI for both good and bad.

Cybercrime

Satellite TV giant Dish Network confirmed that a recent outage was the result of a cyberattack and admitted that data was stolen.