According to an alert published by the FBI last week, the losses and potential losses reported as a result of business email compromise (BEC) and email account compromise (EAC) scams is over $12 billion globally.
This figure is based on data collected by the FBI’s Internet Crime Complaint Center (IC3), international law enforcement agencies and financial institutions across the word between October 2013 and May 2018. During this time, the FBI found that 78,000 complaints were made, with over 41,000 victims reported in the U.S. alone.
BEC scams involve sending requests for fund transfers and PII from hijacked business email accounts. This type of attack is seen everywhere around the world. To date, BEC scams have been spotted in every U.S. state, 150 different countries, and money sent to 115 different countries. Asian banks in China and Hong Kong represent the top destinations for money generated by BEC scams, however, a large amount of BEC scams involve financial institutions in the U.K., Mexico, and Turkey.
The FBI found that targeted individuals and businesses lost or could have lost $12.5 billion, nearly $3 billion of which the U.S. losses increased by 136% between December 2016 and May 2018. Victims outside of the U.S. known to the FBI is 2,656, yielding over $670 million in losses.
The FBI’s last report on BEC scams found that there were 40,203 incidents reported globally, with over $5.3 billion in losses or potential losses. In 2016 the FBI reported 22,000 victims and nearly $3.1 billion in losses reported from October 2013 to May 2016.
The report found that the real estate industry is increasingly being targeted by hackers, including law firms, title companies, real estate agencies, real estate agents, sellers and also buyers. According to the alert, “From calendar year 2015 to calendar year 2017, there was over an 1100% rise in the number of BEC/EAC victims reporting the real estate transaction angle and an almost 2200% rise in the reported monetary loss. May 2018 reported the highest number of BEC/EAC real estate victims since 2015, and September 2017 reported the highest victim loss.
The best approach to handling BEC is to accept that humans are fallible and will make mistakes but to recognize that checks and balances are essential to stay safe from attack. File Integrity Monitoring is advocated as an essential security defense by all leading authorities, such as NIST, CIS, and the PCI Security Standards Council. Introducing NNT’s real-time FIM solution into your IT Environment will ensure that a secure, hardened build standard is maintained at all times, and if any changes are made in underlying core file systems, you’ll be notified in real time and able to take action before any serious harm is done.