Business email attacks are now a multi-billion dollar industry in 2022

Apple says it's game over for the password in 2022

Business email attacks are now a multi-billion dollar industry in 2022

Business Email Compromise (BEC) attacks have grown into a $43 billion industry, the FBI has warned, urging companies to be on their guard.

In a recent report published by the Federal Bureau of Investigation (FBI), between July 2019 and December 2021, the number of identified global losses, due to business email scams, grew by almost two-thirds (65%).

The figures are based on incidents that have been reported to the Internet Crime Complaint Center (IC3), and mean that BEC attacks are now more lucrative than the likes of the global tuna industry, or the global used-clothes industry.


Business email attacks are now a multi-billion dollar industry in 2022 1


Share your thoughts on Cybersecurity and get a free copy of the Hacker’s Manual 2022. Help us find how businesses are preparing for the post-Covid world and the implications of these activities on their cybersecurity plans. Enter your email at the end of this survey to get the bookazine, worth $10.99/£10.99.

Covid and crpytos

The FBI somewhat attributes this growth in BEC scams to the Covid-19 pandemic and the lockdown, further stating that during that time, this type of fraud was reported in all 50 US states and 177 countries in total.

Further strengthening the thesis of BEC being a global problem, the FBI found that 140 countries received fraudulent transfers, with banks in Thailand and Hong Kong found to be the primary international destinations for funds coming from stolen endpoints, although Mexico, Singapore, and China, were also high up the list.

All in all, $43.3 billion were lost between June 2016, and December 2021.

Read more

> Protecting your business from email compromise attacks

> Hackers are hiring more English speakers to write believable email scams

> Microsoft may have discovered the least convincing phishing scam yet

The FBI also looked at the role cryptocurrencies played in the rise of BEC scams, suggesting it widened the playing field for the crooks.

The IC3 tracked two iterations of crypto-oriented BEC scams – one where the victim would, unknowingly, send funds directly to a cryptocurrency exchange, and another one, called “second hop transfer” in which the attackers create accounts on crypto exchanges using personally identifiable information stolen from victims of other types of attacks (extortion, tech support, romance). Only after the funds are sent to that account, do the crooks transfer them elsewhere.

Crypto-oriented BEC scams are getting more devastating, as well. Back in 2019, less than $5m in losses were reported. Last year, it spiked to $40 million, with the FBI expecting the figure to grow even further in the future.

Most of the time, the attacks revolve around people being tricked into willingly sending funds, rather than deploying viruses on the victims’ devices.