The FBI has disclosed that more than $43 billion has been lost from business email compromise attacks between June 2016 and December 2021, with BEC attack-related losses spiking by 65% from July 2019 to December 2021, reports VentureBeat.
Significant BEC attack losses have not surprised LARES Consulting Senior Security Consultant Andy Gill, who noted that the figures may even be underestimated as many BEC incidents may have been unreported. "BEC attacks continue to be one of the most active attack methods utilized by criminals because they work. If they didn't work as well as they do, the criminals would switch tactics to something with a larger ROI," Gill added. Meanwhile, Delinea Chief Security Scientist and Advisory Chief Information Security Officer Joseph Carson noted inadequate resources among most organizations impacted by BEC attacks. "Victims sometimes prefer not to report incidents if the amount is quite small but those who fall for larger financial fraud BEC that amounts to thousands or even sometimes millions of U.S. dollars must report the incident in the hope that they could recoup some of the losses," said Carson.