A BEC timeline infographic

How Criminals Carry Out Fraud and BEC Scams

A scammer might:

  • Spoof an email account or website. Slight variations on legitimate addresses ([email protected] vs. [email protected]) fool victims into thinking fake accounts are authentic.
  • Send spear phishing emails. These messages look like they’re from a trusted sender to trick victims into revealing confidential information. That information lets criminals access company accounts, calendars, and data that gives them the details they need to carry out the BEC schemes.
  • Use malware. Malicious software can infiltrate company networks and gain access to legitimate email threads about billing and invoices. That information is used to time requests or to send messages so accountants or financial officers don’t question payment requests. Malware also lets criminals gain undetected access to a victim’s data, including passwords and financial account information.
A BEC timeline infographic

Business Email Compromise the $43 Billion Scam

The following statistics were reported in victim complaints to the FBI Internet Crimes Complaint Center between June 2016 and December 2021:

Domestic and international incidents:
241,206

Domestic and international exposed dollar loss:
$43,312,749,946

The following BEC/EAC statistics were reported in victim complaints to the IC3 between October 2013 and December 2021:

Total U.S. victims:
116,401

Total U.S. exposed dollar loss:
$14,762,978,290

Total non-U.S. victims:
5,260

Total non-U.S. exposed dollar loss:
$1,277,131,099

The following statistics were reported in victim complaints to the IC3 between June 2016 and December 2021:

Total U.S. financial recipients:
59,324

Total U.S. financial recipient exposed dollar loss:
$9,153,274,323

Total non-U.S. financial recipients:
19,731

Total non-U.S. financial recipient exposed dollar loss:
$7,859,268,158

As soon as possible, file a complaint regardless of the amount with www.ic3.gov or, for BEC/EAC victims, BEC.IC3.gov.