- BEC scams have grown into a multi-billion-dollar problem, and it's unlikely to stop soon.
- Many organizations are taking protective measures, but many others don't.
- The scammers manage to steal more money per victim than in the past.
Symantec reports that the trend of BEC (Business Email Compromise) scams over the last year shows an apparent intensification of the problem, with the industry remaining a billion-dollar enterprise. As the data indicates, BEC scams are not likely to be eradicated any time soon, no matter how many organizations and corporations are using sophisticated security systems nowadays. Instead of seeing a decrease in the associated losses, Symantec estimates that in 2018, the losses from BEC scams were just shy of $1.3 billion, more than double the $676 million of 2017.
As far as the victim count goes, in 2018 there were 20373 complaints about getting scammed, while in 2017 the corresponding number was 15690. Set against the financial losses, this data indicates one more thing: the amount that was snaffled from each victim has gone up. The trend is the same when compared to 2016, 2015, and 2014 data, with the situation being better the further back in time we go. In 2014, the reported victims of BEC scams were only 1495, while the associated losses amounted to $60.2 million.
Symantec dips its toe into 2019 waters, trying to figure out what the situation was between January and March 2019, and the data shows a 50% increase in BEC scams compared to Q1 2018. More specifically, the average daily volume of BEC emails was measured to be 128700 messages. The average number of organizations that were targeted on a monthly basis between July 2018 and July 2019 was estimated to be 6029. On average, each business received five BEC scam emails each month over the last twelve months, with a 17% chance that at least one email every month would come from BEC actors.
The most targeted country is the USA with 39%, with the UK and Australia coming second and third with 26% and 11% respectively. As for the top email subjects and keywords, these are always something along the lines of “important”, “urgent”, “payment”, “receipt”, “confidential”, “attention”, “transaction”, “request”, and “update”.
These keywords could serve well as input for automatic alerting systems that help employees determine which emails are suspicious. Many organizations are deploying BEC protection systems, but as many others don't, the actors continue to expand and extend their operations, managing to make more money out of their targets. With the situation having escalated to a billion-dollar problem right now, 2019 should be the turnaround point, but the data so far paints a different picture.