
2022 FBI IC3 Report Shows $2.7 Billion in Losses from Business Email Compromise

Discover the biggest takeaways about business email compromise, pig butchering, and phishing from the 2022 FBI Internet Crime Report.
March 13, 2023

Ransomware attacks might be what makes the biggest headlines, but year after year one attack type remains a leading culprit for massive financial losses: business email compromise (BEC).

Last week, the FBI released its 2022 Internet Crime Report, which summarizes major cyber threat trends from the prior year and breaks down total losses and victim counts for a variety of different cybercrimes.

One important takeaway? More than a quarter of the $10.9 billion in losses reported to the FBI Internet Crime Complaint Center (IC3) was directly attributable to BEC. Read on for more highlights from this year’s report.

The Threat of Business Email Compromise Continues to Grow

First discussed in the 2015 Internet Crime Report, business email compromise (BEC) was the leading cause of financial losses for seven straight years. And while it was dethroned by investment fraud in the most recent report, these attacks were still responsible for $2.7 billion in total losses in 2022—a year-over-year increase of 14.5%.

Figure: FBI IC3 Financial Losses Attributable to BEC

Over the past five years, losses from BEC attacks have more than doubled, growing by a staggering 111% between 2018 and 2022. And in the eight years since the FBI IC3 began reporting on BEC, total losses have risen by more than 10x.

Additionally, although investment fraud recorded the highest total losses in 2022, the average amount lost per BEC attack was higher, at just over $125,600—a 300% increase since 2015.

Figure: FBI IC3 Average Losses per BEC Attack

Clearly, threat actors are continuing to see success with BEC attacks, which is why we can expect consistent growth in business email compromise for the foreseeable future.

Pig Butchering: An Emerging Type of Investment Fraud You Should Know

Investment fraud is nothing new. Indeed, Ponzi schemes have been around for over a century. But with the increasing pervasiveness of cryptocurrencies throughout the past few years, a new type of investment scam with especially costly consequences has been picking up steam: pig butchering.

Combining investment fraud and social engineering, pig butchering involves tricking targets into making large cryptocurrency investments through fake platforms over the course of several weeks or months. Once the bad actor has “fattened up the pig” (i.e., convinced the target to deposit all of their money into the account), they move forward with “butchering”—withdrawing the funds, closing the account, and blocking the target.

While pig butchering is just one type of investment fraud, its growing popularity along with its potential for higher-than-average payouts likely makes it a major contributing factor to the startling spike in losses attributed to investment scams in recent years. Between 2021 and 2022, the total losses due to investment fraud grew by 127%—from about $1.5 billion to $3.3 billion.

Phishing is Once Again the Most Common Cybercrime

In terms of total losses, phishing falls squarely in the bottom third of all attack types tracked by the IC3. However, what organizations must remember is that phishing is frequently just the first step in a variety of crimes.

Legacy technologies like secure email gateways (SEGs) can stop simple phishing attacks that contain obviously malicious links or attachments, but more advanced phishing messages often easily bypass SEGs. And when an employee engages with a phishing email, it puts the organization at considerable risk, as the information acquired enables threat actors to launch more damaging attacks like BEC, account takeover, and ransomware.

Its success as a “foot in the door” tactic is likely why phishing has been the most common cybercrime reported to the IC3 since 2019.

Figure: FBI IC3 Percentage of All Incidents Reported to IC3

And as threat actors have continually found new ways to make phishing attacks more convincing, the number of victims has steadily increased since 2019, only slightly declining between 2021 and 2022.

Figure: FBI IC3 Phishing Incidents Reported to IC3

The Need for a Modern Approach to Cybersecurity

What the 2022 Internet Crime Report drives home is how serious the threat of social engineering attacks has become and, as a result, how crucial it is for organizations to invest in innovative technology that can combat these attacks.

Modern cybercriminals are constantly refining their techniques. Increasingly, they leverage the same business tools that today’s organizations use, turning them to identifying targets, sourcing information, and crafting convincing emails that trick employees. That means if your company still relies on email security solutions whose approach essentially hasn’t been updated in nearly two decades, you’re at a significant (and unnecessary) disadvantage.

The most effective way to protect your organization from sophisticated, socially-engineered threats like business email compromise is to implement intelligent email security technology that combines cutting-edge behavioral science with risk-adaptive detection.

See how Abnormal’s cloud email security solution detects and prevents the malicious emails that bypass traditional solutions. Schedule your demo today.
