FBI: Business Email Compromise Nets the Bad Guys Billions


Michael W. Kahn

Michael W. Kahn


The FBI has updated figures on Business Email Compromise (BEC) and none of the news is good.

The bureau said there have been more than 166,000 incidents across the globe between June 2016 and July of this year. That’s based on victim reports to its Internet Crime Complaint Center (IC3).

But the truly staggering number is the amount lost: more than $26.2 billion. 

“Based on the financial data, banks located in China and Hong Kong remain the primary destinations of fraudulent funds,” the FBI said, adding it’s seen “an increase of fraudulent transfers sent to the United Kingdom, Mexico, and Turkey.”

It’s further evidence that BEC, also known as Email Account Compromise (EAC), is on the rise—and no company is immune.

“The BEC/EAC scam continues to grow and evolve, targeting small, medium, and large business and personal transactions,” the bureau said in a Sept. 10 update. 

A very common type of BEC has the bad guys sending what looks like a legitimate email from a company official. It typically instructs someone in the office to change a bank account for an employee’s salary or for some other type of payment. 

But the bureau noted that “the scam is not always associated with a transfer-of-funds request.” It cited a variation in which criminals send emails asking for employees’ W-2 forms—which are chock full of personal information.

And the old adage about “an ounce of prevention is worth a pound of cure” certainly applies. 

“Employees should be educated about and alert to this scheme,” the FBI said. Its suggestions include using another method to verify any account changes—even something as simple as calling the person who supposedly made the request.

Visit the Current Fraud Threats page on Nacha’s website where you’ll find many resources to help you stay alert for BEC and other scams. They include our updated booklet “Protecting Against Fraud: How to Spot and Prevent Fraud Schemes.”