In this blog post, we will focus on the Business Email Compromise (BEC) data that the IC3 has reported since 2014.
In this blog post, we will focus on the Business Email Compromise (BEC) data that the IC3 has reported since 2014.
Tyler Adams
3 mins
Scams
Jul 14, 2021
The FBI’s Internet Crime Complaint Center (IC3) recently released its report of 2019 data. The report includes 2019 “hot topics” including business email compromise (BEC), ransomware, elder fraud, and tech support fraud. In this blog post, we will focus on the BEC data that the IC3 has reported on since 2014 when this category was first formally introduced and reported.
Business Email Compromise (BEC) is a sophisticated scam that is frequently carried out when an attacker compromises legitimate business email accounts through social engineering or computer intrusion techniques to conduct unauthorized transfers of funds.
BEC is constantly evolving. Originally the scams began with the hacking or spoofing of the email accounts of CEOs or CFOs, and fraudulent emails were sent requesting wire payments be sent to fraudulent accounts. Over the years, the scam evolved to include personal emails, spoofed lawyer email accounts, requests for W-2 information, the targeting of the real estate sector, and fraudulent requests for large amounts of gift cards.
IC3 reports on many categories of data, but the BEC numbers are staggering. We’ve gone from 2,400 reported incidents to over 23,000 in six years. Check out the graph and data below:
We should also add a major asterisk here that this is only a fraction of what actually took place. Industry experts estimate only 15% is being reported. Why? Many reasons: Fear of brand tarnishment, embarrassment, not knowing how to report. In reality, instead of a $1.7 billion problem, this could really be a $12 billion problem.
The number of real estate victims has hovered around 10,000 - 12,000 each year. But with approximately the same number of instances, we went from $18 million lost to $221 million of reported loss over a seven-year period. The attackers have figured out how the money is moving and they’ve hit gold. The fraudsters are sophisticated and they’ve honed their craft. The same way we have processes and procedures they have processes on phishing, spoofing, and monitoring. You can read more about the typical wire fraud playbook in an earlier post here.
Further explanations for the large focus on real estate transactions include the infrequent nature of the transaction and the large number of parties involved in each transaction.
Consumers simply don't have any muscle memory when it comes to real estate transactions. On average, there are at least 6.5 years between real estate transactions.
In a typical real estate transaction, there are usually 8 parties involved. From the buyer and seller to the mortgage company, the title company, realtors, and lawyers, all of these parties are communicating online - typically via email. If one person's account is exposed, everyone in the transaction is at risk.
There is no silver bullet to make attackers disappear, but we have to think about the question, "How do we manage this?" Assuming the trend continues or at least holds steady, this is a risk we will have to continue to manage within our organizations and with our partners and customers. It affects the entire ecosystem of our commerce. The solution requires a layered approach to security but putting up defense mechanisms in all areas of our business: hardware, software, people, processes. Our complete guide to wire fraud details how you can best be prepared and protect your business
Source: IC3 2019 Internet Crime Report - https://pdf.ic3.gov/2019_IC3Report.pdf
Co-founder & CEO
Tyler brings a decade of leadership experience developing and launching technology businesses. Before co-founding CertifID, Tyler led new product development at BCG Digital Ventures for Mercedes-Benz, First American Financial, Boston Scientific, and Aflac.
The FBI’s Internet Crime Complaint Center (IC3) recently released its report of 2019 data. The report includes 2019 “hot topics” including business email compromise (BEC), ransomware, elder fraud, and tech support fraud. In this blog post, we will focus on the BEC data that the IC3 has reported on since 2014 when this category was first formally introduced and reported.
Business Email Compromise (BEC) is a sophisticated scam that is frequently carried out when an attacker compromises legitimate business email accounts through social engineering or computer intrusion techniques to conduct unauthorized transfers of funds.
BEC is constantly evolving. Originally the scams began with the hacking or spoofing of the email accounts of CEOs or CFOs, and fraudulent emails were sent requesting wire payments be sent to fraudulent accounts. Over the years, the scam evolved to include personal emails, spoofed lawyer email accounts, requests for W-2 information, the targeting of the real estate sector, and fraudulent requests for large amounts of gift cards.
IC3 reports on many categories of data, but the BEC numbers are staggering. We’ve gone from 2,400 reported incidents to over 23,000 in six years. Check out the graph and data below:
We should also add a major asterisk here that this is only a fraction of what actually took place. Industry experts estimate only 15% is being reported. Why? Many reasons: Fear of brand tarnishment, embarrassment, not knowing how to report. In reality, instead of a $1.7 billion problem, this could really be a $12 billion problem.
The number of real estate victims has hovered around 10,000 - 12,000 each year. But with approximately the same number of instances, we went from $18 million lost to $221 million of reported loss over a seven-year period. The attackers have figured out how the money is moving and they’ve hit gold. The fraudsters are sophisticated and they’ve honed their craft. The same way we have processes and procedures they have processes on phishing, spoofing, and monitoring. You can read more about the typical wire fraud playbook in an earlier post here.
Further explanations for the large focus on real estate transactions include the infrequent nature of the transaction and the large number of parties involved in each transaction.
Consumers simply don't have any muscle memory when it comes to real estate transactions. On average, there are at least 6.5 years between real estate transactions.
In a typical real estate transaction, there are usually 8 parties involved. From the buyer and seller to the mortgage company, the title company, realtors, and lawyers, all of these parties are communicating online - typically via email. If one person's account is exposed, everyone in the transaction is at risk.
There is no silver bullet to make attackers disappear, but we have to think about the question, "How do we manage this?" Assuming the trend continues or at least holds steady, this is a risk we will have to continue to manage within our organizations and with our partners and customers. It affects the entire ecosystem of our commerce. The solution requires a layered approach to security but putting up defense mechanisms in all areas of our business: hardware, software, people, processes. Our complete guide to wire fraud details how you can best be prepared and protect your business
Source: IC3 2019 Internet Crime Report - https://pdf.ic3.gov/2019_IC3Report.pdf
Co-founder & CEO
Tyler brings a decade of leadership experience developing and launching technology businesses. Before co-founding CertifID, Tyler led new product development at BCG Digital Ventures for Mercedes-Benz, First American Financial, Boston Scientific, and Aflac.