A business email compromise scheme is a sophisticated scam targeting both businesses and individuals. Cybercriminals compromise legitimate business email accounts through social engineering or computer intrusion techniques to conduct unauthorized transfers of funds.
In 2020, the US Federal Bureau of Investigation’s Internet Crime Complaint Center (IC3) received a record number of complaints or 791,790, with reported losses of $4.1bn, almost 70% more than in 2019. Behind business email compromise schemes as the costliest internet crime in the United States, romance frauds ranked second with over $600 million in total losses.
Investment frauds, non-payment/non-delivery frauds, identity thefts and spoofing followed, with $336.5 million, $265 million, $219.5 million, and $219.5 million, respectively. However, statistics show that BEC/EAC schemes caused more losses than these five frauds combined.
On the other hand, phishing scams had the highest number of complaints in 2020. The IC3 received 241,342 phishing scam complaints, or 30% of all complaints last year. Non-payment/non-delivery frauds ranked second with 108,869 complaints last year. Extortion, personal data breach, and identity theft followed with 76,741, 45,330, and 43,330 complaints, respectively.