FBI: BEC Losses Surged to $1.3bn in 2018

FBI: BEC Losses Surged to $1.3bn in 2018

The FBI dealt with cyber-attacks causing losses of over $2.7bn in 2018, nearly half of which were linked to Business Email Compromise (BEC) scams.

In total, there were over 20,000 victims of BEC/Email Account Compromise (EAC) last year, leading to losses of just under $1.3bn, the largest of any cybercrime type. The nearest to this were confidence fraud/romance scams ($362m) and investment cybercrime ($253m), according to the 2018 Internet Crime Report.

The FBI noted an increase in the number of gift card BEC scams, of the sort spotted by Agari recently. The security vendor claimed fraudsters are increasingly transferring their victims from email to mobile communications early on in the scam.

The largest group losing money to cyber-criminals was the over-60s ($649m), followed by the 50-59 age group ($495m). This could be partly explained by the continued prevalence of tech support scams which predominantly target the elderly. There were over 14,000 reported victims last year, linked to losses reaching almost $39m — a 161% increase from 2017.

Elsewhere, the number of reported ransomware victims dropped from 1783 to 1493 cases. However, the losses incurred by these victims rose from $2.3m to $3.6m. What’s more, these estimates don’t include lost business, wages, files, equipment, productivity or third-party remediation.

“In some cases, victims do not report any loss amount to the FBI, thereby creating an artificially low ransomware loss rate. Lastly, the number only represents what victims report to the FBI via the IC3 and does not account for victim direct reporting to FBI field offices/agents,” the report claimed.

Finally, the FBI also noted a strong surge in extortion-related attacks in 2018. The 51,000+ complaints it received accounted for losses of over $83m, a 242% increase on 2017 figures. These included DoS attacks, “hitman schemes,” sextortion, government impersonation schemes, loan schemes, and high-profile data breaches.

Source: Information Security Magazine