What the FBI’s latest IC3 report tells us about cybercrime and business payments fraud
At PaymentWorks, we tend to get more excited than most people about the annual report from the FBI’s Internet Crime Complaint Center (IC3). It’s a missive from the front lines of the fight against internet-based fraud – which is a major contributor to the plague of payments fraud.
When we talk to our customers about security concerns, one of the things that always comes up is the risk of business email compromise (BEC) scams. It’s a massively popular way for criminals to divert legitimate payments or gain access to a network – in part because it’s so effective, and in part because it’s so lucrative. The 2019 report from the IC3 shows that they received nearly 24,000 of these crime complaints last year, for a reported $1.7 billion stolen. In a year when $3.5 billion was stolen through all internet-based scams, that means that BEC scams account for nearly half of all the money lost.
According to the IC3, they saw in increase in the use of BEC scams last year – but that surprised exactly no one. In the 20 years since its inception in May of 2000, when it was launched in response to the rapid rise of criminal activity on the web, BEC scams have been at the top of the IC3’s list of criminal activity on the web. And nearly all of us can support that finding with personal experience: by now, anyone with an email address is likely to have encountered some kind of phishing scam or email-based predation.
While we’re too smart to fall for a trick we’ve all seen before (hello Nigerian prince!), the tactics and targets of BEC scams are always shifting to find new territory to hit; in a recent episode of Inside the FBI, the FBI’s podcast, host Monica Grover notes that “…over the last two decades, cybercrime has grown more sophisticated—and at the same time, the tools needed to execute it have become readily available”.
The prevalence coupled with the increased sophistication of the attacks have led to 81% of American businesses reporting being hit with a payments fraud attempt in 2019. At this rate, most businesses can count on being a target in 2020. We should all assume we will be targeted and take a moment to assess our internal controls, the tools we have available and how we communicate and confirm information with our vendors, and ask ourselves what risk our organization is assuming in not shoring up fraud protection.
We have compiled key questions you can ask yourself to assess your own risk.