Business email compromise

Business Email Attack Losses Now Top $12 Billion – FBI

Business Email Attack Losses Now Top $12 Billion

The U.S. Government’s Federal Bureau of Investigation (FBI) released an open administration declaration this week cautioning that ‘business email compromise’ (BEC) scamming emails are on a dramatic increase Globally.

View the FBI notice here –

The aggregate estimation of assets diverted due to successful BEC attack has now increased to over $12 billion, the FBI stated, refreshing past admonitions of the scam and including information up to May 2018. Between December 2016 and last May there was a 136 percent rise in BEC scam losses over the globe, the FBI stated, and examples of business email compromise attacks have been accounted for in 150 nations and every one of the 50 U.S. states.

Further examination indicates banks in China and Hong Kong are the top locations for diverted stolen assets, stolen when a con-artist messages a business by penetrating a legitimate email account, and requests a transfer of funds or other sensitive data. The emails often appear as legitimate requests, such as, for example, a request for invoice payment from a supplier.

According to the FBI, the Internet Crime Complaint Center (IC3) recorded 41,048 U.S. casualties of BEC attacks between October 2013 and May 2018, totaling more than $2.9 billion in total loss.

The FBI cautioned that the real estate sector is an inexorably mainstream focus for business email compromise scams by cyber criminals, targeting organizations, law offices, real estate agencies, and property purchasers and merchants. During 2015 and 2017, the real estate market saw an in excess of 1,100 percent expansion in the quantity of business email compromise attack casualties.

The FBI issued an announcement in 2016 that pinpointed Hong Kong as ground zero for many business email compromise scams. At the time, total losses and attempted losses reached $3.1 billion. At the time, the FBI reported a 1,300 percent increase in the value of losses between January 2015 and June 2016, while reports of BEC scams had increased by 270 percent in the first half of 2016.


The BEC/EAC scam continues to grow and evolve, targeting small, medium, and large business and personal transactions. Between December 2016 and May 2018, there was a 136% increase in identified global exposed losses2. The scam has been reported in all 50 states and in 150 countries. Victim complaints filed with the IC3 and financial sources indicate fraudulent transfers have been sent to 115 countries.

Based on the financial data, Asian banks located in China and Hong Kong remain the primary destinations of fraudulent funds; however, financial institutions in the United Kingdom, Mexico and Turkey have also been identified recently as prominent destinations.

The following BEC/EAC statistics were reported to the IC3 and are derived from multiple sources, including IC3 and international law enforcement complaint data and filings from financial institutions between October 2013 and May 2018:

Domestic and international incidents: 78,617
Domestic and international exposed dollar loss: $12,536,948,299
The following BEC/EAC statistics were reported in victim complaints where a country was identified to the IC3 from October 2013 to May 2018:
Total U.S. victims: 41,058
Total U.S. victims: $2,935,161,457
Total non-U.S. victims: 2,565
Total non-U.S. exposed dollar loss: $671,915,009
The following BEC/EAC statistics were reported by victims via the financial transaction component of the IC3 complaint form, which became available in June 20163. The following statistics were reported in victim complaints to the IC3 from June 2016 to May 2018:
Total U.S. financial recipients: 19,335
Total U.S. financial recipients: $1,629,975,562
Total non-U.S. financial recipients: 11,452
Total non-U.S. financial recipients exposed dollar loss: $1,690,788,278