Business email compromise (BEC) scams are not going away anytime soon. For such a relatively low-tech type of financial
fraud, it has proved to be a high-yield and lucrative enterprise for scammers.
BEC scams—also known as email account compromise (EAC), CEO fraud, or whaling—have been around since at least 2013.
Between October 2013 and May 2018, more than $12 billion in domestic and international losses were attributed by the FBI
to BEC scams.
According to the FBI’s latest Internet Crime Report (ICR)
, losses from BEC scams amounted to more than $1.2 billion in 2018. This is double the losses in 2017, which stood at
YearVictim count/complaintsVictim losses 20141,495$60,294,162 20157,837$246,226,016 201612,005$360,513,961201715,690$676,151,185 201820,373$1,297,803,489
Table 1. BEC-related victim losses and complaints received by IC3, 2014-2018
In 2018, the FBI’s Internet Crime Complaint Center (IC3) also received 20,373 BEC-related complaints, which is up from
15,690 complaints in 2017. Aggregate losses from internet-enabled theft, fraud, and exploitation reached $2.7 billion in
2018, and losses from BEC scams accounted for almost one-half of this figure. The FBI also said in a July 2018 public service announcement that based on the financial data
, banks located in China and Hong Kong were the primary destinations of fraudulent funds, while financial institutions
in the UK, Mexico, and Turkey were also prominent destinations.
The good news is that the IC3’s Recovery Asset Team (RAT), which was formed in February 2018, has successfully recovered
more than $192 million lost to BEC scams, representing a recovery rate of 75 percent. The RAT reportedly dealt with
1,061 incidents that caused losses of more than $257 million.