BEC Scams Amount to $3 billion According to Latest FBI PSA

The FBI has released an updated public service announcement about the sudden spike in the pernicious business email compromise (BEC) scams. According to the announcement (I-061416-PSA), which includes new Internet Crime Complaint Center (IC3) complaints, and updated statistical data, BEC has continued to grow, evolve, and target businesses of all sizes. According to the new data set, BEC schemes have caused US$3 billion in damages from domestic and international victims.

[READ: The Numbers Behind BEC Scams]

According to the FBI, in October 2013 through May 2016, US and foreign victims have reported 22,143 BEC-related cases, resulting in a 1300% increase in identified losses since January 2015. Following BEC’s predecessors Predator Pain, Limitless, and Hawkeye, Olympic Vision was the fourth malware used in a BEC campaign and was found to have targeted 18 companies in the US, Middle East, and Asia. Attackers behind this campaign used Olympic Vision, a keylogger purchased online for $25 that came as an attachment in emails. Once opened, a backdoor is installed and infects the victim’s system and steals vital information.

In May 2016, Fischer Advanced Composite Components AG (FACC), an Austrian aeronautics company reported being swindled a record 42 million euros (around $47 million) through a spear-phishing attack. According to reports, the incident occurred last January and involved a fake email disguised as its former CEO Walter Stephan, conning one of FACC’s financial department employee into wiring 50 million euros that was supposedly for one of the company’s acquisition projects. Fortunately, FACC was quick to realize that they were being tricked and immediately implemented countermeasures and was able to successfully transfer 10.9 million euros on the recipient accounts. The rest of the money, unfortunately, has already been wired in Slovakia and across Asia.

[READ: Austrian aeronautics company loses 42 million euros to BEC scam]  

The recent increase in BEC-related incidents is partly attributed to the effort made by law enforcement agencies to categorize these scams separately as “BECs,” where the business and not the customer are targeted, rather than generic wire fraud. Based on the FBI’s data, the BEC statistics that were reported to the IC3 from October 2013 to May 2016 shows the sharp jump in cases is becoming a serious problem. Mitchell Thompson, Supervisory Special Agent and head of the financial cybercrimes task force in the FBI advises businesses to notify the FBI immediately if they find that they have been victimized by the BEC scam so the bureau can work with involved parties to freeze funds before fraudsters obtain the stolen money. “The sooner somebody reports this to the FBI, the better the possibility they can get their money back,” he said.

For more on protecting your organization from BEC schemes, read Battling Business Email Compromise Fraud: How Do You Start?