Application security, Threat Management

Email compromise scams rack up greatest financial losses in new IC3 report

Among all incidents reported to the Internet Crime Complaint Center in 2016, email compromise scams targeting businesses and individuals were responsible for the greatest financial loss totals, according the IC3's newly released annual report.

Overseen by the FBI, the IC3 reported in its 2016 Internet Crime Report that it received 298,728 overall complaints last year, adding up to over $1.3 billion in losses. Business Email Compromise (BEC) and individual email account compromise (EAC) scams represented well over a quarter of these losses, costing victims around $360.5 million.

BEC scams involve cybercriminals using social engineering, spoofing and intrusion techniques to compromise corporate email accounts in order to facilitate a fraudulent transfer of funds. In a glaring illustration of just how financially devastating BEC and EACs scams can be, this category of crime generated the highest loss totals, despite only being the 16th most frequently reported crime, with only 12,005 incidents. "In 2016, the scam evolved to include the compromise of legitimate business email accounts and requests for Personally Identifiable Information (PII) or Wage and Tax Statement (W-2) forms for employees," the report noted.

The three crimes that were most commonly reported to the task force last year were non-payment and non-delivery incidents (81,029 cases), personal data breaches (27,573), and 419/overpayment scams (25,716).

Non-payment occurs when goods or services are shipped, but never paid for, and non-delivery scams are when items are paid for, but never received. 419 scams, also known as Nigerian prince scams, involve tricking victims into sending personal or banking information to aid in a fraudulent monetary transfer. And overpayment scams are when someone receives a large payment from a fraudster and is asked to keep a portion, while returning the reminder (or sending the rest to a third person), only for the original payment to bounce.

After BEC/EAC scams, reported crimes that were responsible for the next highest loss totals were confidence fraud and romance scams ($219.8 million) and non-payment/non-delivery crimes ($138.2 million).

Citing statistics provided by the U.S. Attorney's Office of the Western District of Washington, the IC3 noted that only an estimated 15 percent of U.S. victims of fraud report crimes to law enforcement, meaning that many more millions of dollars in Internet crimes likely went unreported to the IC3 in 2016.

In the report's introduction, Scott Smith, assistant director of the FBI's Cyber Division, wrote that the FBI "continues to expand Operation Wellspring (OWS), an initiative through which state and local law enforcement officers are embedded in, and trained by, FBI cyber task forces and serve as the primary case agents on Internet-facilitated criminal investigations." Smith noted that OWS task forces opened 37 investigations in 2016.

Despite making waves in 2016, ransomware registered relatively low on IC3's list of threats, receiving 2,673 complaints (ranked 22nd) with losses of over $2.4 million ranked 25th).

 in 2016, according to a newly released annual report by 
 in 2016, according to a newly released annual report by 
Bradley Barth

As director of multimedia content strategy at CyberRisk Alliance, Bradley Barth develops content for online conferences, webcasts, podcasts video/multimedia projects — often serving as moderator or host. For nearly six years, he wrote and reported for SC Media as deputy editor and, before that, senior reporter. He was previously a program executive with the tech-focused PR firm Voxus. Past journalistic experience includes stints as business editor at Executive Technology, a staff writer at New York Sportscene and a freelance journalist covering travel and entertainment. In his spare time, Bradley also writes screenplays.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.