The FBI has warned that business email compromise (BEC) fraud cost businesses around the world $43 billion in losses during the period between June 2016 and December 2021.
The FBI's Internet Crime Center (IC3) logged a whopping 241,206 complaints in the four-and-a-half-year period, with losses totaling $43 billion, according to a new public service announcement.
BEC fraud was the biggest category of cybercrime by financial losses in 2021, according to IC3. BEC cost businesses $2.4 billion in 2021, up from $1.8 billion in 2020.
SEE: Google: Multiple hacking groups are using the war in Ukraine as a lure in phishing attempts
US losses recorded by the FBI are much larger than losses reported by victims in non-US jurisdictions. Between October 2013 and December 2021, 116,401 victims reported total losses of $14.8 billion. In that period, 5,260 non-US victims reported losses of $1.27 billion.
BEC is a global problem. The scam has been reported in all 50 US states and by victims in 177 countries. Meanwhile, over 140 countries have received fraudulent transfers, according to IC3. However, banks located in Thailand and Hong Kong were the primary destination for the funds, followed by China, Mexico and Singapore.
BEC scams are considered a sophisticated ruse that targets business and individuals who are duped into transferring funds to the scammer's account under the belief they are performing a legitimate transaction.
The FBI believes the pandemic and the shift to everything online spurred a 65% growth in BEC fraud losses between July 2019 and December 2021.
"Between July 2019 and December 2021, there was a 65% increase in identified global exposed losses, meaning the dollar loss that includes both actual and attempted loss in United States dollars," IC3 notes.
"This increase can be partly attributed to the restrictions placed on normal business practices during the COVID-19 pandemic, which caused more workplaces and individuals to conduct routine business virtually."
It also reports an uptick in complaints involving cryptocurrency transfers.
The value of cryptocurrency today had a market cap of $3 trillion in November, up from just $14 billion five years ago, the US secretary of the Treasury recently noted.
SEE: The Emotet botnet is back, and it has some new tricks to spread malware
The two main forms of BEC involving cryptocurrency were direct transfers, just like traditional BEC fraud, while the second involved a "second hop", usually to a cryptocurrency exchange. In both situations, the victim is unaware that the funds are being sent to be converted to a cryptocurrency, says IC3.
Second hop transfers often involves tricking the victim into providing identity documents, such as a drivers license or passport, which the attacker uses to open cryptocurrency wallets in the victim's name. In 2020, IC3 received reports of $10 million in losses from victims involving cryptocurrency. By 2021, the value of cryptocurrency-related losses ballooned to $40 million.
FBI advice for protecting yourself includes: