The massive financial rewards for those carrying out cyber crimes, including email scams, have been revealed in research from the Financial Crimes Enforcement Network (FinCEN).
FinCEN is a bureau of the United States Department of the Treasury that collects and analyses information about financial transactions.
It warned that Business Email Compromise (BEC) scammers and other criminals “generated more than $300 million a month in 2018, with a cumulative total exceeding billions of dollars stolen from businesses and individuals.”
In 2016, by comparison, email scammers were netting only $110 million per month.
FinCEN also said that the number of suspicious activity reports describing business email compromises more than doubled, to over 1,100 per month last year from around 500 per month in 2016.
“FinCEN has been a global leader and innovator in countering BEC breaches and their devastating effects on businesses, individuals, and national security,” said FinCEN director Kenneth A. Blanco. “The Bank Secrecy Act data is a critical resource in combatting all types of financial crime. We hold, safeguard, and analyse that data and we share our expertise with law enforcement and our industry partners to help make America safer.”
Besides the warning about the scale of the problem, FinCEN also issued an update to its “Advisory to Financial Institutions on E-mail Compromise Fraud Schemes,” first published in 2016, in which it highlighted general trends and provided more up-to-date advice.
So what techniques are scammers using the most at the moment? Well, it seems that the use of fraudulent vendor or client invoices has grown from 30 percent of sampled 2017 incidents to 39 percent in 2018, making it now the most common business email compromise method.
Other techniques are also used, however. Impersonating a CEO or other high-ranking business officer has declined, accounting for 12 percent of incidents in 2018, down from 33 percent in 2017.
FinCEN said that impersonation of an outside entity was described in 20 percent of 2018 reports.
The sectors most targeted by email scams were manufacturing and construction businesses, in both 2017 and 2018.
At least one security expert has warned that these FinCEN numbers are probably only the tip of the iceberg.
“These scary numbers are just the tip of the BEC (Business Email Compromise) formidable iceberg,” warned Ilia Kolochenko, founder and CEO of web security company ImmuniWeb.
“Many small businesses do not report such incidents due to unawareness that a legal recourse may exist, or lack of hope to recover the stolen monies,” said Kolochenko. “Large organisations may likewise conceal the losses not to spoil their reputation. Importantly, we also have to consider many other indirect costs of cybercrime.”
“For example, growing spending on protracted and otherwise complicated due diligence on clients and partners that victims usually impose after losing money, let alone costs of investigation and legal expenses,” said Kolochenko. “Often a victory in a courtroom is nominal, as more money is lost than recovered or the defendants are judgement proof having no money to restitute the victims.”
Kolochenko said that businesses need to increasingly invest in continuous cybersecurity education for their workforce, and that no technology can resolve or mitigate all risks and threats without well-prepared people behind it.
“From a technology standpoint, organisations should invest in continuous security monitoring practices,” Kolochenko said. “Yearly or even quarterly audits are insufficient to resist the growing volume and sophistication of cybercrime.”