As is evident from local and global news, cybersecurity incidents are becoming increasingly important and massive, with multiple ramifications. By virtue of this we understand that it is especially pertinent to insist on empowering people, disseminating statistical data to visualize the dimension of the scenario we are currently facing.
The FBI issued its annual Internet Crime Report, updating the evolution of Business Email Compromise (BEC) and Email Account Compromise (EAC) cases over the last year.
The publication issued by the Internet Crime Complaint Center (IC3) contains updated statistics from 2018 up to and including 2020 in which it details the attacks that US companies and citizens worldwide have been victims of, as well as the associated financial losses.
The IC3's mission is to provide the public with a reliable and convenient reporting mechanism for submitting information to the Federal Bureau of Investigation about suspicious criminal activity facilitated by the Internet.
BEC/EAC is a sophisticated scam that targets both businesses and individuals making legitimate fund transfer requests. The scam is often carried out when an attacker compromises legitimate business or personal email accounts, through social engineering or computer intrusion, creates email accounts with domains similar to those of the affected individuals or institutions, or masks their email account as legitimate, in order to accomplish unauthorized fund transfers.
It is not always associated with a funds transfer request. One variation involves compromising legitimate business email accounts and requesting other sensitive information, personal data, as preconditions for this or other types of attacks.
In 2020, IC3 received 791,790 cyber-attack complaints with an increase of 69% (more than 300,000 complaints) over 2019, with reported losses of US$4.2 billion.
Of the 791,790 complaints, 19,369 correspond to BEC/EAC with adjusted losses of more than US$1.8 billion. An average of 2169 complaints per day, 889 more than in 2019.
BEC/EAC attacks accounted for 44% of financial losses reported by companies and individuals among all incidents reported in 2020. However, the complaints filed were 2.4% of the total number of complaints.
These attacks even being the most costly, show a drop in the number of victims; 4406 less than in 2019.
The IC3 also report highlights the growing impact of BEC/EAC variations targeting businesses that receive spoofed emails requesting a change in their direct deposit account.
It is interesting to consider that, although the reality presented by these reports is based mostly on data from U.S. citizens and companies, it has a global scope, and clearly shows the scenario we observe most frequently in Latin America.
