Kusserow on Compliance: FBI Reports on business email compromise scams

BEC Scams Accounted for 50% of cyber losses last year

The FBI once again reported on the increase in cyber-criminal activity related to ransomware and business email compromise (BEC) scams. During 2019, BEC accounted for almost a half million internet and cyber-crime complaints and caused losses of more than $3.5 billion. Approximately half of the reported loses were as result of BEC, sometime referred to as EAC (Email Account Compromise) crimes, which averaged $75,000 per incident reported. This was the most damaging and effective type of cyber-crime last year. The 23,775 BEC victims accounted for $1.77 billion in losses for victims, which was on average $75,000 per complaint.

These are sophisticated scams targeting business activities and individuals performing wire transfer payments. They normally come about as result of either a compromise or spoof an email account for a legitimate person/company. They use this email account to send fake invoices for business contractors. Sometimes they are sent to employees. They are designed to trick people into wiring money into the wrong bank accounts. An example of this relates to the diversion of payroll funds, wherein HR or payroll receives an email appearing to be from an employee requesting to update and change their direct deposit information for the current pay period, generally routing it to a pre-paid card account.

The most recent innovation has been scammers mimicking employee’s own CEO to steal funds from the payroll department. They hack into a company’s email server and identify which executives’ email addresses they can spoof to trick unsuspecting employees. The FBI also noted a decrease in the number of ransomware complaints, however a rise in the amount of losses per incident. Additionally, 764 health care providers reported being ransomware victims in 2019.


Richard P. Kusserow served as DHHS Inspector General for 11 years. He currently is CEO of Strategic Management Services, LLC (SM), a firm that has assisted more than 3,000 organizations and entities with compliance related matters. The SM sister company, CRC, provides a wide range of compliance tools including sanction-screening.

Connect with Richard Kusserow on LinkedIn.

Subscribe to the Kusserow on Compliance Newsletter

Copyright © 2020 Strategic Management Services, LLC. Published with permission.