CIO

FBI: US victims lost $2.7bn to online scammers in 2018, mostly to email fraudsters

  • Liam Tung (CSO Online)
  • 24 April, 2019 05:04

Business email compromise (BEC) scams continue to rack up huge losses for victims and that’s only counting those who actually report the incidents to the FBI’s Internet Crime Complaint Center (IC3). 

In July 2018, the FBI’s IC3 reported that $12 billion had been lost to BEC swindlers worldwide since 2013.   

Now, IC3 reports that losses in 2018 in the US alone totaled $1.3 billion, making up the lion’s share of the $2.71 billion in losses for all types of scams, including extortion, tech support fraud, and payroll diversion. And these only include losses and incidents that were actually reported to IC3.

The FBI includes consumer and business reports in its calculation of losses and in 2018 says it received over 20,000 complaints of fraud that occurred due to BEC scammers compromising email accounts through low-tech, but targeted phishing campaigns.  

The scam has morphed over the half a decade the FBI has been tracking complaints about BEC fraud. 

“In 2013, BEC and [Email Account Compromise] scams routinely began with the hacking or spoofing of the email accounts of chief executive officers or chief financial officers, and fraudulent emails were sent requesting wire payments be sent to fraudulent locations. Through the years, the scam has seen personal emails compromised, vendor emails compromised, spoofed lawyer email accounts, requests for W-2 information, and the targeting of the real estate sector,” the FBI notes in the report

Overall, reports from Australia were the fourth largest source of complaints about online fraud to IC3, making up a total of 1,227 complaints. Reports from Australia were behind those from India, the UK, and Canada. 

Ransomware complaints made up less than 1,500 reports to IC3 last year, well below the the 51,146 reports of extortion attempts, most of which were “sextortion” or bogus claims a scammer would publish compromising material about a victim. Extortion losses totaled $83 million, according to IC3, far greater than estimated ransomware losses that were estimated at $3.6 million for the year. 

However, the FBI notes its figures do not include business costs and remediation efforts due to ransomware infections, and only accounts for what victims report to the FBI through IC3. Additional losses reported to the FBI directly are not included in the IC3 report.      

There were 14,408 complaints about tech support scams, totaling $39 million in losses and marking a 161 percent increase in losses compared with 2017. In estimated dollar losses, BEC fraud was distantly followed by romance scams, which totaled $360 million.