Dive Brief:
- The FBI issued a Public Service Announcement last week warning about a massive increase in Business E-mail Compromise (BEC) phishing scams. Perpetrators of BEC scams monitor and study their victims using social engineering techniques prior to initiating the scam.
- Between January 2015 and December 2016, there was a 2,370% increase in identified exposed losses, according to the Internet Crime Complaint Center (IC3). The scam has been reported in all 50 states and in 131 countries.
- More than 40,200 domestic and international incidents occurred between October 2013 and December 2016 with an exposed dollar loss of more than $5 billion. Asian banks located in China and Hong Kong are the primary destinations of fraudulent funds.
Dive Insight:
As cybercriminals become more sophisticated, the number of BEC scams grows. Last year, BEC attacks compromised businesses in every market, including leading healthcare organizations, an NBA team, financial institutions, the World Anti-Doping Association, John Podesta and the Democratic National Committee.
But the prevalence of the attack method is unlikely to slow down. BEC attacks will continue to grow in 2017 because they look very legitimate and are very successful at fooling victims, offering a promising ROI for malicious actors. BEC attacks can also be launched for a small cost with the potential for huge gains.
The FBI's announcement comes on the heels of a deceptive attack last week. Approximately one million people were subject to a mass phishing attack disguised as a Google Doc. Fortunately, Google responded quickly and blocked the scheme.