The FBI is reminding organisations of the serious threat posed by business email compromise (BEC) scams, declaring that it caused over $1.8 billion worth of losses to businesses last year.

The newly-published annual cybercrime report from the FBI’s Internet Crime Complaint Center (IC3) reveals that it had received a record number of complaints and claims of financial loss – with internet crime causing more than $4 billion in losses.

And although ransomware tends to dominate the cybercrime headlines, the losses attributed to such extortion attempts ($29 million) are dwarfed by business email compromise and email account compromise (EAC).

Indeed, according to the FBI’s released statistics, BEC attacks account for losses that are a massive 64 times worse than ransomware.

Take a minute to look at the numbers, and they’re truly jaw-dropping.

“BEC comprised 37% of all losses last year. That’s an outrageous figure. Given the fact that “spoofing” is likely a subset of BEC, the total loss number is close to $2.1 billion,” says Crane Hassold, senior director of threat research at Agari. “Ransomware, the topic that tends to get the most media coverage, made up only 1% of cybercrime losses.”

Now, it’s important to recognise that even the IC3’s own report appears to be concerned that it might be under-representing the true cost of ransomware.

In a footnote the report indicates that the figure is clearly not reflective of the real cost of ransomware attacks:

“** Regarding ransomware adjusted losses, this number does not include estimates of lost business, time, wages, files, or equipment, or any third-party remediation services acquired by a victim. In some cases, victims do not report any loss amount to the FBI, thereby creating an artificially low overall ransomware loss rate. Lastly, the number only represents what victims report to (Read more...)