Business Email Compromise Schemes Caused $1.8B Worth of Damage, a $100M Increase in a Year

The COVID-19-fuelled surge in the use of technology and online solutions created a huge space for cybercriminals who committed a record number of internet crimes in the United States last year.

In 2020, almost 792,000 complaints were logged by the FBI’s Internet Crime Complaint Center (IC3), nearly 70% more than in 2019. The total financial losses caused by cybercrimes jumped by 20% year-over-year to $4.2bn, and business email compromise schemes had the most significant role in that increase.

According to data presented by Trading Platforms, business email compromise (BEC) and email account compromise (EAC) schemes caused $1.8bn worth of damage in the United States last year, or 42% of all reported cybercrime loss.

Number of Complaints Dropped, Total BEC Losses Rise

A business email compromise scheme is a sophisticated scam targeting both businesses and individuals. Cybercriminals compromise legitimate business email accounts through social engineering or computer intrusion techniques to conduct unauthorized transfers of funds.

In 2013, BEC/EAC schemes routinely began with the hacking or spoofing of the email accounts of chief executive officers or chief financial officers, requesting wire payments to fraudulent locations.

Over the years, the scam evolved to include compromise of personal emails, vendor emails, spoofed lawyer email accounts, demands for W-2 information, the targeting of the real estate sector and fraudulent requests for large amounts of gift cards. However, last year also witnessed a surge in the number of BEC/EAC complaints related to identity theft and funds being converted to cryptocurrency.

The FBI’s 2020 Internet Crime Report revealed that although the number of BEC/EAC complaints in the US dropped in 2020, the total amount of loss caused by these schemes jumped by $100 million in a year.

In 2019, the IC3 received 23,775 BEC/EAC complaints with adjusted losses of over $1.7 billion. Last year, the number of complaints dropped to 19,369, while the total loss jumped to $1.8bn.

BEC Schemes Caused Bigger Losses than Other Top Five Frauds Combined

Last year, IC3 received a record number of complaints or 791,790, with reported losses of $4.1bn, almost 70% more than in 2019. Behind business email compromise schemes as the costliest internet crime in the United States, romance frauds ranked second with over $600 million in total losses.

Investment frauds, non-payment/non-delivery frauds, identity thefts and spoofing followed, with $336.5 million, $265 million, $219.5 million, and $219.5 million, respectively. However, statistics show that BEC/EAC schemes caused more losses than these five frauds combined.

On the other hand, phishing scams had the highest number of complaints in 2020. The IC3 received 241,342 phishing scam complaints, or 30% of all complaints last year. Non-payment/non-delivery frauds ranked second with 108,869 complaints last year. Extortion, personal data breach, and identity theft followed with 76,741, 45,330, and 43,330 complaints, respectively.