chat
expand_more

2022 FBI IC3 Report Shows $2.7 Billion in Losses from Business Email Compromise

Discover the biggest takeaways about business email compromise, pig butchering, and phishing from the 2022 FBI Internet Crime Report.
March 13, 2023

Ransomware attacks might be what makes the biggest headlines, but year after year one attack type remains a leading culprit for massive financial losses: business email compromise (BEC).

Last week, the FBI released its 2022 Internet Crime Report, which summarizes major cyber threat trends from the prior year and breaks down total losses and victim counts for a variety of different cybercrimes.

One important takeaway? More than a quarter of the $10.9 billion in losses reported to the FBI Internet Crime Complaint Center (IC3) was directly attributable to BEC. Read on for more highlights from this year’s report.

The Threat of Business Email Compromise Continues to Grow

First discussed in the 2015 Internet Crime Report, business email compromise (BEC) was the leading cause of financial losses for seven straight years. And while it was dethroned by investment fraud in the most recent report, these attacks were still responsible for $2.7 billion in total losses in 2022—a year-over-year increase of 14.5%.

FBI IC3 Financial Losses Attributable to BEC

Over the past five years, losses from BEC attacks have more than doubled, growing by a staggering 111% between 2018 and 2022. And in the eight years since the FBI IC3 began reporting on BEC, total losses have risen by more than 10x.

Additionally, although investment fraud recorded the highest total losses in 2022, the average amount lost per BEC attack was higher, at just over $125,600—a 300% increase since 2015.

FBI IC3 Average Losses per BEC Attack

Clearly, threat actors are continuing to see success with BEC attacks, which is why we can expect consistent growth in business email compromise for the foreseeable future.

Pig Butchering: An Emerging Type of Investment Fraud You Should Know

Investment fraud is nothing new. Indeed, Ponzi schemes have been around for over a century. But with the increasing pervasiveness of cryptocurrencies throughout the past few years, a new type of investment scam with especially costly consequences has been picking up steam: pig butchering.

Combining investment fraud and social engineering, pig butchering involves tricking targets into making large cryptocurrency investments through fake platforms over the course of several weeks or months. Once the bad actor has “fattened up the pig” (i.e., convinced the target to deposit all of their money into the account), they move forward with “butchering”—withdrawing the funds, closing the account, and blocking the target.

While pig butchering is just one type of investment fraud, its growing popularity along with its potential for higher-than-average payouts likely makes it a major contributing factor to the startling spike in losses attributed to investment scams in recent years. Between 2021 and 2022, the total losses due to investment fraud grew by 127%—from about $1.5 billion to $3.3 billion.

Phishing is Once Again the Most Common Cybercrime

In terms of total losses, phishing falls squarely in the bottom third of all attack types tracked by the IC3. However, what organizations must remember is that phishing is frequently just the first step in a variety of crimes.

Legacy technologies like secure email gateways (SEGs) can stop simple phishing attacks that contain obviously malicious links or attachments, but more advanced phishing messages often easily bypass SEGs. And when an employee engages with a phishing email, it puts the organization at considerable risk, as the information acquired enables threat actors to launch more damaging attacks like BEC, account takeover, and ransomware.

Its success as a “foot in the door” tactic is likely why phishing has been the most common cybercrime reported to the IC3 since 2019.

FBI IC3 Percentage of All Incidents Reported to IC3

And as threat actors have continually found new ways to make phishing attacks more convincing, the number of victims has steadily increased since 2019, only slightly declining between 2021 and 2022.

FBI IC3 Phishing Incidents Reported to IC3

The Need for a Modern Approach to Cybersecurity

What the 2022 Internet Crime Report drives home is how serious the threat of social engineering attacks has become and, as a result, how crucial it is for organizations to invest in innovative technology that can combat these attacks.

Modern cybercriminals are constantly refining their techniques and increasingly leveraging the same business tools that today’s organizations use to identify targets, source information, and craft convincing emails that allow them to trick employees. That means if your company is still relying on solutions that take an approach to email security that essentially hasn’t been updated in nearly two decades, you’re at a significant (and unnecessary) disadvantage.

The most effective way to protect your organization from sophisticated, socially-engineered threats like business email compromise is to implement intelligent email security technology that combines cutting-edge behavioral science with risk-adaptive detection.

See how Abnormal’s cloud email security solution detects and prevents the malicious emails that bypass traditional solutions. Schedule your demo today.

Schedule a Demo
2022 FBI IC3 Report Shows $2.7 Billion in Losses from Business Email Compromise

See Abnormal in Action

Get a Demo

Get the Latest Email Security Insights

Subscribe to our newsletter to receive updates on the latest attacks and new trends in the email threat landscape.

Get AI Protection for Your Human Interactions

Protect your organization from socially-engineered email attacks that target human behavior.
Request a Demo
Request a Demo

Related Posts

B Proofpoint Customer Story Blog 8
A Fortune 500 transportation and logistics leader blocked more than 6,700 attacks missed by Proofpoint and reclaimed 350 SOC hours per month by adding Abnormal to its security stack.
Read More
B Gartner MQ 2024 Announcement Blog
Abnormal Security was named a Leader in the 2024 Gartner Magic Quadrant for Email Security Platforms and positioned furthest for Completeness of Vision.
Read More
B Gift Card Scams Tricker to Spot Blog
Learn why gift card scams are becoming more difficult to identify, how cybercriminals evolve their tactics, and strategies to protect your organization.
Read More
B Offensive AI 12 16 24
Learn how AI is used in cybersecurity, what defensive AI vs. offensive AI means, and how to use defensive AI to combat offensive AI.
Read More
B Proofpoint Customer Story Blog 7
See how Abnormal's AI helped a Fortune 500 insurance provider detect 27,847 threats missed by Proofpoint and save 6,600+ hours in employee productivity.
Read More
B Cyberattack Forecast Emerging Threats Blog
Uncover the latest email threats and strategies to strengthen your cybersecurity and prepare for 2025.
Read More