Cyber Crime

FBI – Crooks sought to steal over $3 billion through BEC scams

The FBI disclosed the data related Business e-mail compromise (BEC) crimes, hackers sought to steal over $3 billion through this illegal practice.

Business e-mail compromise – BEC crimes are a serious problem for companies, hackers have sought to steal more than $3.1 billion from businesses exploiting this practice, the Federal Bureau of Investigation recently warned.

The data are even more worrisome if we consider the increment of BEC crimes observed in the last year, according to the FBI losses represent a 1,300 percent increase since January 2015.

Last update on data related BEC scams was shared by the FBI in an alert issued in April 2016, according to the Bureau, the cyber criminals have stolen more than $2.3bn from 17,642 victims since 2013 in BEC attacks. Each company has lost between $25,000 and $75,000 per attack.

What is a BEC scam?

“BEC is defined as a sophisticated scam targeting businesses working with foreign suppliers and/or businesses that regularly perform wire transfer payments. The scam is carried out by compromising legitimate business e-mail accounts through social engineering or computer intrusion techniques to conduct unauthorized transfers of funds.” reported the last Public Service Announcement (PSA). “Most victims report using wire transfers as a common method of transferring funds for business purposes; however, some victims report using checks as a common method of payment. The fraudsters will use the method most commonly associated with their victim’s normal business practices.”

Scammers use to pretend to be executives that send emails to employees that tricked into thinking the messages are legit, hand over sensitive information to the attackers.

The impact of such kind of scams could be dramatic, the Austrian engineering firm FACC which designs Airbus, Boeing aero parts lost about 50 million euros ($55 million) due to a BEC scam.

In May, the FBI issued the annual Internet Crime Complaint Center (IC3) report that indicates 7,838 victims reported the loss of more than $263 million.

Now the FBI has updated its data reporting 22,143 worldwide BEC victims representing $3.1 billion in losses since January 2015. In the US the FBI counted 14,032 U.S. BEC victims representing $961 million dollars in losses between October 2013 and May 2016.

The data is alarming for the US authorities, 88 percent of all worldwide victims being U.S.-based and 90 percent of losses coming from US businesses.

“The BEC scam continues to grow, evolve, and target businesses of all sizes. Since January 2015, there has been a 1,300% increase in identified exposed losses. The scam has been reported by victims in all 50 states and in 100 countries. Reports indicate that fraudulent transfers have been sent to 79 countries with the majority going to Asian banks located within China and Hong Kong.“ continues the PSA.

In order to avoid such kind of scams, the FBI recommends companies control the attack surface, carefully manage every corporate information is shared online, especially hierarchical information, job descriptions, and out of office details. Be suspicious of requests for secrecy or pressure to take action quickly. Consider additional IT and financial security procedures, including the implementation of

Let me close with statistics included in the PSA:

Domestic and International victims: 22,143
Combined exposed dollar loss: $3,086,250,090

The following BEC statistics were reported in victim complaints to the IC3 from October 2013 to May 2016:

Domestic and International victims: 15,668
Combined exposed dollar loss: $1,053,849,635
Total U.S. victims: 14,032
Total U.S. exposed dollar loss: $960,708,616
Total non-U.S. victims: 1,636
Total non-U.S. exposed dollar loss: $93,141,019

[adrotate banner=”9″]

Pierluigi Paganini

(Security Affairs – Business e-mail compromise BEC , FBI)

Pierluigi Paganini

Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US. Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines. Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.

Recent Posts

Google: China dominates government exploitation of zero-day vulnerabilities in 2023

Google's Threat Analysis Group (TAG) and Mandiant reported a surge in the number of actively…

3 hours ago

Google addressed 2 Chrome zero-days demonstrated at Pwn2Own 2024

Google addressed two zero-day vulnerabilities in the Chrome web browser that have been demonstrated during…

14 hours ago

INC Ransom stole 3TB of data from the National Health Service (NHS) of Scotland

The INC Ransom extortion group hacked the National Health Service (NHS) of Scotland and is threatening…

18 hours ago

CISA adds Microsoft SharePoint bug disclosed at Pwn2Own to its Known Exploited Vulnerabilities catalog

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds a Microsoft SharePoint vulnerability disclosed at the…

24 hours ago

The DDR Advantage: Real-Time Data Defense

This is the advantage of Data Detection and Response (DDR) for organizations aiming to build…

1 day ago

Finnish police linked APT31 to the 2021 parliament attack

The Finnish Police attributed the attack against the parliament that occurred in March 2021 to…

1 day ago

This website uses cookies.