The FBI received 467.361 cybercrime and cybercrime complaints in 2019, which the agency estimates cost more than $ 3,5 billion, according to its annual report on the Internet Crime Report released today.
The FBI says nearly half of those reported losses - about $ 1,77 billion - came from reports of BEC (Business Email Compromise) fraud, also known as EAC (Email Account Compromise) crimes.
BEC / EAC is a sophisticated scam that targets businesses and individuals who make payments through bank transfers.
"The BEC relies on the old trick of deception," the FBI said in 2017, when it began receiving more reports of BEC fraud.
A typical BEC fraud occurs after the hackers or they do compromised either spoof an email to a legal person / company. They are using this email to send false emails invoice or business agreements. These are sent to employees in the same company or to partner partners. The idea is to deceive their counterparts into depositing money in the wrong bank accounts.
BEC scams are popular because they are too simple to execute and do not require advanced coding skills or complexity. malware. According to the FBI's Internet Crime Report for 2019, BEC scams were by far the most damaging and effective type of crime in the cyberspace in 2019. Only 23.775 BEC victims accounted for $ 1.77 billion in damage, which is an average of $ 75.000 per complaint.
In comparison, Phishing / smishing / vishing corresponding to $ 500 in losses per complaint, while ransomware had losses of $ 4.400 per complaint.
"In 2019, IC3 saw an increase in the number of BEC / EAC complaints related to the diversion of payroll funds," the FBI said.
"In this type of fraud, the human resources department resources or payroll company receives an email that is displayed by an employee requesting to update his information account for the current payment period. New instant deposit items are routed to a prepaid card account. ”
State of ransomware
Another point of interest for the FBI Cybercrime Report for 2019 was ransomware. Last year, we saw a decrease in the number of complaints and an increase in the amount of damage caused by ransomware incidents.
This year, the losses continued to increase, but the number of ransomware incidents decreased. Overall, the findings of the report are astonishing.
2019 was a year flooded with news about various ransomware incidents. Private sector businesses, service managers, schools and municipalities have been hit hardest.
According to reports by Armor and Emsisoft, it was observed that many US businesses or organizations were dealing with a ransomware incident. Emsisoft specifically mentioned ransomware incidents in 2019:
- State and municipal authorities and services.
- 764 healthcare providers.
- 89 universities, colleges and school complexes, with activities in up to 1.233 individual schools potentially affected.
The FBI report reflects what we have seen from independent third party reports.
2018 was a year when there was a shift in tactics from the masses e-mail after going through the individual attacks that targeted a few, but high level targetsso we had an increase in ransomware attacks.
According to many experts, BEC and ransomware attacks are expected to continue to increase in 2020, as there are few measures to prevent groups crime in cyberspace.