Business Email Compromise: The $43 Billion ScamScam A Scam is a confidence trick - a crime - is an attempt to defraud a person or group after first gaining their trust through deception. Scams or confidence tricks exploit victims using their credulity, naïveté, compassion, vanity, irresponsibility, or greed and exploiting that. Researchers have defined confidence tricks as "a distinctive species of fraudulent conduct ... intending to further voluntary exchanges that are not mutually beneficial", as they "benefit con operators ('con men' - criminals) at the expense of their victims (the 'marks')". A scam is a crime even if no money was lost.
This Public Service Announcement is an update and companion piece to Business Email Compromise PSA I-091019-PSA posted on www.ic3.gov. This PSA includes new Internet Crime Complaint Center complaint information and updated statistics from October 2013 to December 2021.
DEFINITION
Business Email Compromise/Email Account Compromise (BEC/EAC) is a sophisticated scam that targets both businesses and individuals who perform legitimate transfer-of-funds requests.
The scam is frequently carried out when an individual compromises legitimate business or personal email accounts through social engineeringSocial Engineering Social engineering is the psychological manipulation of people into performing actions or divulging confidential information. It is used as a type of confidence trick for the purpose of information gathering, fraud, or system access, it differs from a traditional "con" in that it is often one of many steps in a more complex fraud scheme. It has also been defined as "any act that influences a person to take any action that may or may not be in their best interests." or computer intrusion to conduct unauthorized transfers of funds.
The scam is not always associated with a transfer-of-funds request. One variation involves compromising legitimate business email accounts and requesting employees’ Personally Identifiable Information, Wage and Tax Statement (W-2) forms, or even crypto currency wallets.
STATISTICAL DATA
The BEC/EAC scam continues to grow and evolve, targeting small local businesses to larger corporations, and personal transactions. Between July 2019 and December 2021, there was a 65% increase in identified global exposed losses, meaning the dollar loss that includes both actual and attempted loss in United States dollars. This increase can be partly attributed to the restrictions placed on normal business practices during the COVID-19 pandemic, which caused more workplaces and individuals to conduct routine business virtually.
The BEC scam has been reported in all 50 states and 177 countries, with over 140 countries receiving fraudulent transfers. Based on the financial data reported to the IC3 for 2021, banks located in Thailand and Hong Kong were the primary international destinations of fraudulent funds. China, which ranked in the top two destinations in previous years, ranked third in 2021 followed by Mexico and Singapore.
The following BEC/EAC statistics were reported to the FBIFBI FBI - Federal Bureau of Investigation The Federal Bureau of Investigation (FBI) is the domestic intelligence and security service of the United States and its principal federal law enforcement agency. Operating under the jurisdiction of the United States Department of Justice, the FBI is also a member of the U.S. Intelligence Community and reports to both the Attorney General and the Director of National Intelligence. A leading U.S. counter-terrorism, counterintelligence, and criminal investigative organization, the FBI has jurisdiction over violations of more than 200 categories of federal crimes, including financial fraud. IC3, law enforcement and derived from filings with financial institutions between June 2016 and December 2021:
| Domestic and international incidents: | 241,206 |
| Domestic and international exposed dollar loss: | $43,312,749,946 |
| The following BEC/EAC statistics were reported in victim complaints to the IC3 between October 2013 and December 2021: | |
| Total U.S. victims: | 116,401 |
| Total U.S. exposed dollar loss: | $14,762,978,290 |
| Total non-U.S. victims: | 5,260 |
| Total non-U.S. exposed dollar loss: | $1,277,131,099 |
| The following statistics were reported in victim complaints to the IC3 between June 2016 and December 2021: | |
| Total U.S. financial recipients: | 59,324 |
| Total U.S. financial recipient exposed dollar loss: | $9,153,274,323 |
| Total non-U.S. financial recipients: | 19,731 |
| Total non-U.S. financial recipient exposed dollar loss: | $7,859,268,158 |
BEC AND CRYPTOCURRENCY
The IC3 has received an increased number of BEC complaints involving the use of cryptocurrency. Cryptocurrency is a form of virtual asset that uses cryptographyCryptography Cryptography is an approach to protecting information or hiding its meaning by converting it into a secret code before sending it out over a public network - in other words, to Encrypt it. (the use of coded messages to secure communications) to secure financial transactions and is popular among illicitillicit Illicit means something that is not legally permitted or authorized under the law; unlicensed; unlawful. It can also mean disapproved of or not permitted for moral or ethical reasons. actors due to the high degree of anonymity associated with it and the speed at which transactions occur.
The IC3 tracked two iterations of the BEC scam where cryptocurrency was utilized by criminals. A direct transfer to a cryptocurrency exchange (CE) or a “second hop” transfer to a CE. In both situations, the victim is unaware that the funds are being sent to be converted to cryptocurrency.
DIRECT TRANSFER – Mirrors the traditional pattern of BEC incidents in the past.
IC3 Image 1
SECOND HOP TRANSFER – Uses victims of other cyber-enabled scams such as Extortion, Tech Support, and Romance Scams. Often, these individuals provided copies of identifying documents such as driver’s licenses, passports, etc., that are used to open cryptocurrency wallets in their names.
IC3 Image 2
400% Growth In Just ONE YEAR
In the past, the use of cryptocurrency was regularly reported in other crime types seen at the IC3 (e.g., tech support, ransomwareRansomware Ransomware is a type of malware from cryptovirology that threatens to publish the victim's personal data or perpetually block access to it unless a ransom is paid. While some simple ransomware may lock the system so that it is not difficult for a knowledgeable person to reverse, more advanced malware uses a technique called cryptoviral extortion. It encrypts the victim's files, making them inaccessible, and demands a ransom payment to decrypt them. In a properly implemented cryptoviral extortion attack, recovering the files without the decryption key is an intractable problem – and difficult to trace digital currencies such as paysafecard or Bitcoin and other cryptocurrencies that are used for the ransoms, making tracing and prosecuting the perpetrators difficult. Ransomware attacks are typically carried out using a Trojan virus disguised as a legitimate file that the user is tricked into downloading or opening when it arrives as an email attachment. However, one high-profile example, the WannaCry worm, traveled automatically between computers without user interaction., employment), however, it was not identified in BEC-specific crimes until 2018. By 2019, reports had increased, culminating in the highest numbers to-date in 2021 with just over $40M in exposed losses. Based on the increasing data received, the IC3 expects this trend to continue growing in the coming years.
BEC Fraud Chart 1
SUGGESTIONS FOR PROTECTION
- Use secondary channels or two-factor authentication to verify requests for changes in account information.
- Ensure the URL in emails is associated with the business/individual it claims to be from – be careful with spoofingSpoofing Spoofing occurs when a caller maliciously transmits false caller ID information to increase the likelihood that you'll answer. Scammers often spoof local numbers, private companies, government agencies and other institutions. It can also apply to pretending to be an email address, or through other media..
- Be alert to hyperlinks that may contain misspellings of the actual domain name.
- Refrain from supplying log-in credentials or PII of any sort via email. Be aware that many emails requesting your personal information may appear to be legitimate.
- Verify the email address used to send emails, especially when using a mobile or handheld device, by ensuring the sender’s address appears to match who it is coming from.
- Ensure the settings in employees’ computers are enabled to allow full email extensions to be viewed.
- Monitor your personal financial accounts on a regular basis for irregularities, such as missing deposits.
SPECIAL BEC SCAM REPORTING
If you discover you are the victim of a fraud incident, immediately contact your financial institution to request a recall of funds. Regardless of the amount lost, file a complaint with www.ic3.gov or, for BEC/EAC victims, BEC.ic3.gov, as soon as possible.
Additionally, we recommend that you also REPORT to the FTCFTC The Federal Trade Commission (FTC) is an independent agency of the United States government whose principal mission is the enforcement of civil (non-criminal) U.S. antitrust law and the promotion of consumer protection. The FTC can also act as a clearinghouse for criminal reports sent to other agencies for investigation and prosecution. To learn more visit www.FTC.gov or to report fraud visit ReportFraud.FTC.gov at https://reportfraud.ftc.gov/#/?orgcode=SCARS
Essential Tools For Every Scam SurvivorSurvivor A Scam Survivor is a victim who has been able to fully accept the reality of their situation. That they were the victim of a crime and are not to blame. They are working on their emotional recovery and reduction of any trauma either on their own, through a qualified support organization, or through counseling or therapy. And has done their duty and reported the crime to their local police, national police, and on Anyscam.com From SCARS Publishing
Visit shop.AgainstScams.org
Each is based on our SCARS Team’s 32 plus years of experience.
SCARS Website Visitors get an Extra 10% Discount
Use Discount Code “romanacescamsnow” at Checkout
SCARS GREEN BOOK
Self-Help Self-Paced Recovery Program Guide
LEARN HOW TO RECOVER ON YOUR OWN
This program is designed to help scam victims struggling to recover on their own and for those who want to understand the overall process. You can be using other resources, such as traumaTrauma Emotional and psychological trauma is the result of extraordinarily stressful events that shatter your sense of security, making you feel helpless in a dangerous world. Psychological trauma can leave you struggling with upsetting emotions, memories, and anxiety that won’t go away. It can also leave you feeling numb, disconnected, and unable to trust other people. Traumatic experiences often involve a threat to life or safety or other emotional shocks, but any situation that leaves you feeling overwhelmed and isolated can result in trauma, even if it doesn’t involve physical harm. It’s not the objective circumstances that determine whether an event is traumatic, but your subjective emotional experience of the event. The more frightened and helpless you feel, the more likely you are to be traumatized. Trauma requires treatment, either through counseling or therapy or through trauma-oriented support programs, such as those offered by SCARS. counselingCounseling Counseling is the professional guidance of the individual by utilizing psychological methods especially in collecting case history data, using various techniques of the personal interview, and testing interests and aptitudes. A mental health counselor (MHC), or counselor, is a person who works with individuals and groups to promote optimum mental and emotional health. Such persons may help individuals deal with issues associated with addiction and substance abuse; family, parenting, and marital problems; stress management; self-esteem; and aging. They may also work with "Social Workers", "Psychiatrists", and "Psychologists". SCARS does not provide mental health counseling. or therapy, qualified support groupsSupport Groups In a support group, members provide each other with various types of help, usually nonprofessional and nonmaterial, for a particular shared, usually burdensome, characteristic, such as romance scams. Members with the same issues can come together for sharing coping strategies, to feel more empowered and for a sense of community. The help may take the form of providing and evaluating relevant information, relating personal experiences, listening to and accepting others' experiences, providing sympathetic understanding and establishing social networks. A support group may also work to inform the public or engage in advocacy. They can be supervised or not. SCARS support groups are moderated by the SCARS Team and or volunteers., or completely independent – on your own!
The SCARS Steps program is a complete program and is provided for the purpose of helping scam victims to overcome this experience. Throughout this SCARS Steps Program, we speak about issues and challenges that a victim may have and help guide them through their recovery. But each person is different and it is important to understand your own reasons for being vulnerable to being scammed.
After the trauma of being scammed, you need to take steps to recover and move on. This may be an alternative to counseling in the short term, but we still encourage you to seek out professional help & support. Throughout this SCARS Steps Program, we speak about issues, challenges, defects, or problems that a victim may have in a generalized way.
The SCARS GREEN BOOK will help you recover from your scam offline and it will always be there when you need it!
SCARS SLATE BOOK – Let Us Explain What Happened!
A Guide For Families & Friends Of Scam Victims
HOW TO HELP ROMANCE SCAM VICTIMS FOR FAMILIES & FRIENDS OF SCAM VICTIMS
This SCARS Publishing book represents a complete guide to help the families and friends understand how these scams work and how to help the victim.
The SCARS Slate Book should be purchased by family and friends to better understand what happened to the victim and the traumatic impact on them. But it can also be shared by the victim so that they do not have to explain to family and friends about the scam. This publication is to help others to help Scam Victims to make it through this traumatic experience and recover.
Each person is different and it is important to understand how relationship scamsRelationship Scam A Relationship Scam is a one-to-one criminal act that involves a trust relationship and uses deception & manipulation to get a victim to give to the criminal something of value, such as money! Click here to learn more: What Is A Relationship Scam? work and why people are vulnerable; to being scammed, how they were lured in, then groomed and manipulated. This understanding is essential in helping them through the process of ending the scam and then on to recovery. The SCARS Slate Book will provide the information necessary to help support a victim through this process.
SCARS RED BOOK
Your Personal Scam Evidence & Crime Record Organizer
ORGANIZE YOUR INFORMATION TO MAKE THE REPORTING PROCESS SIMPLE!
Helps you get and stay organized. This publication is to help Scam Victims organize their crime information. Complete this information before reporting to the police then bring this book with you
Before or after reporting to the police the RED BOOK gives you a dedicated tool to record all the essential facts of this crime. The Victim, the Scammers, the Money, and your Police interactions. Everything that really matters can be easily recorded for your immediate use and for the future!
As we have seen, money recovery/repayment programs can become available years after the scam ends and you need to keep all the details of this crime in case it is needed. We have also seen scammers being extradited to the U.S. and other countries, this will help in the event you testify or give statements, Additionally, this helps you have your information ready to qualify for victims’ benefits, compensation, or aid.
The Official SCARS RED BOOK is your way of recording all the important facts of this crime so that you do not lose essential information, Complete the RED BOOK then put it away with the confidence that you will have it if or when it is needed.
100% of all profit goes to help SCARS help more scam victims worldwide.
Your generous purchase allows us to maintain our scam avoidance, support, and recovery services. Please help SCARS and stand proud.
Leave A Comment