Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.


04:45 PM
Connect Directly

FBI: Business Email Compromise Cost Businesses $1.7B in 2019

BEC attacks comprised nearly half of cybercrime losses last year, which totaled $3.5 billion overall as Internet-enabled crimes ramped up.

Business email compromise (BEC) attacks cost organizations an estimated $1.77 billion in losses in 2019, reports the FBI, which received a total of 23,775 complaints related to this threat.

The FBI's Internet Crime Complaint Center (IC3) this week released its "2019 Internet Crime Report," which digs into cybercrime trends throughout the year. In 2019 the IC3 received 467,361 complaints, which cost organizations $3.5 billion overall – up from $2.7 billion in 2018.

The most frequently reported complaints relate to phishing and similar attacks, non-payment/non-delivery scams, and extortion, officials say. But the most expensive complaints are related to BEC, romance or confidence fraud, or copying the account of a person or vendor to collect personal or financial data about a victim familiar with them, according to the report

BEC attacks, also known as email account compromise (EAC), are constantly evolving as adversaries become more sophisticated. Back in 2013, scams often started with the spoofing of a CEO's or CFO's email account. Fraudsters sent emails appearing to come from these execs to convince employees to send wire transfers to fake accounts.

Since then, BEC has evolved to include the compromise of personal and vendor emails, spoofed lawyer email accounts, and requests for W-2 data. Attackers often target the real-estate sector and/or make requests for expensive gift cards. In 2019 IC3 saw an increase in BEC complaints related to the diversion of payroll sums: Attackers send a fake email to a human resources or payroll department requesting an update to a specific employee's direct deposit information.

Gift card attacks are especially popular toward year's end. In the fourth quarter of 2019, they made up 62% of all BEC attacks, Agari researchers point out in its Q1 2020 "Email Fraud and Identity Deception Trends" report, published today. The weeks leading up to the holidays are prime for gift card fraud because attackers can target any department, not just HR or payroll. In the last three months of 2019, gift cards requested in BEC scams averaged more than $1,600, according to AGari.

"The attackers are looking for new sources of revenue from people," says Erich Kron, security awareness analyst at KnowBe4. "For example, instead of just going after wire transfers, something that people are becoming aware of, they have changed to redirecting paychecks to different accounts or getting people to purchase a large number of gift cards, then having them send the card numbers and information under the guise of an executive rewarding employees or thanking vendors."

Kron also points to a rise in hybrid attacks in which a victim receives an email making a request and simultaneously receives a text message from a spoofed number designed to seem like the same person, saying they sent an email. It's a highly targeted but effective technique, he says, and it's less commonly known than wire transfers. Victims trust the second request source.

Agari also noticed a rise in impersonation attacks. Phishing and BEC attacks impersonating specific people reached 32% between October and December 2019, up from 12% in the second quarter. Now these threats are around the same level as brand impersonation (36%).

Other Forms of Cybercrime to Watch
The IC3 reports cases of "elder fraud," or financial schemes that target or disproportionately affect people over 60, are increasingly common. They may be the victims of investment fraud, romance scams, tech support scams, or government impersonation fraud. In 2019 the IC3 received 68,013 complaints from elderly victims, with adjusted losses exceeding $835 million.

Tech support scams, in which a criminal poses as a technical pro to defraud victims, are a growing problem on their own. The IC3 received 13,633 complaints related to tech support fraud in 2019 from victims across 48 countries, with losses amounting to more than $54 million.

Then there is ransomware, another type of cyberattack undergoing evolution as attackers grow increasingly sophisticated. In 2019 the IC3 received 2,047 complaints identified as ransomware, with adjusted losses of more than $8.9 million. It urges victims to not pay ransom to attackers.

A variety of new techniques are helping attackers bypass security tools and launch successful ransomware campaigns, says Tal Zamir, founder and CTO at Hysolate. They target non-email applications like Slack, WhatsApp, and Teams, as well as existing vulnerabilities in antivirus products. Attackers are also known to build fileless malware designed to slip past endpoint security agents. User devices have a huge code base for attackers to target, including the operating system code and middleware.

"Losses will continue to increase as ransomware becomes more sophisticated and can cause greater harm," says Zamir. "If in the past ransomware was limited to encrypting local files and demanding a ransom for decrypting, next-generation ransomware might automatically leak some of the data to show the potential damage or even go further and encrypt or leak data in cloud systems that aren't available locally on the endpoint."

Related Content:

Check out The Edge, Dark Reading's new section for features, threat data, and in-depth perspectives. Today's top story: "From 1s & 0s to Wobbly Lines: The Radio Frequency (RF) Security Starter Guide"

Kelly Sheridan is the Staff Editor at Dark Reading, where she focuses on cybersecurity news and analysis. She is a business technology journalist who previously reported for InformationWeek, where she covered Microsoft, and Insurance & Technology, where she covered financial ... View Full Bio

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
[email protected],
User Rank: Apprentice
2/19/2020 | 11:43:02 PM
Cyber security
This post by Kelly is such an eye-opener to understanding all the cybersecurity problems. It is very crucial to be careful about what is happening around us on the internet. Blind belief and sharing of personal data must be restricted and monitored. There are numerous cyberattacks, and most of them are mentioned here. Thank you for the information and tips to handle such issues.
FluBot Malware's Rapid Spread May Soon Hit US Phones
Kelly Sheridan, Staff Editor, Dark Reading,  4/28/2021
7 Modern-Day Cybersecurity Realities
Steve Zurier, Contributing Writer,  4/30/2021
How to Secure Employees' Home Wi-Fi Networks
Bert Kashyap, CEO and Co-Founder at SecureW2,  4/28/2021
Register for Dark Reading Newsletters
White Papers
Cartoon Contest
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
How Enterprises are Developing Secure Applications
How Enterprises are Developing Secure Applications
Recent breaches of third-party apps are driving many organizations to think harder about the security of their off-the-shelf software as they continue to move left in secure software development practices.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
PUBLISHED: 2021-05-07
An issue was discovered on Tenda AC11 devices with firmware through A stack buffer overflow vulnerability in /goform/setmac allows attackers to execute arbitrary code on the system via a crafted post request.
PUBLISHED: 2021-05-07
An issue was discovered on Tenda AC11 devices with firmware through A stack buffer overflow vulnerability in /gofrom/setwanType allows attackers to execute arbitrary code on the system via a crafted post request. This occurs when input vector controlled by malicious attack get copie...
PUBLISHED: 2021-05-07
An issue was discovered on Tenda AC11 devices with firmware through A stack buffer overflow vulnerability in /goform/setVLAN allows attackers to execute arbitrary code on the system via a crafted post request.
PUBLISHED: 2021-05-07
An issue was discovered on Tenda AC11 devices with firmware through A stack buffer overflow vulnerability in /goform/setportList allows attackers to execute arbitrary code on the system via a crafted post request.
PUBLISHED: 2021-05-07
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handlin...