chat
expand_more

2022 FBI IC3 Report Shows $2.7 Billion in Losses from Business Email Compromise

Discover the biggest takeaways about business email compromise, pig butchering, and phishing from the 2022 FBI Internet Crime Report.
March 13, 2023

Ransomware attacks might be what makes the biggest headlines, but year after year one attack type remains a leading culprit for massive financial losses: business email compromise (BEC).

Last week, the FBI released its 2022 Internet Crime Report, which summarizes major cyber threat trends from the prior year and breaks down total losses and victim counts for a variety of different cybercrimes.

One important takeaway? More than a quarter of the $10.9 billion in losses reported to the FBI Internet Crime Complaint Center (IC3) was directly attributable to BEC. Read on for more highlights from this year’s report.

The Threat of Business Email Compromise Continues to Grow

First discussed in the 2015 Internet Crime Report, business email compromise (BEC) was the leading cause of financial losses for seven straight years. And while it was dethroned by investment fraud in the most recent report, these attacks were still responsible for $2.7 billion in total losses in 2022—a year-over-year increase of 14.5%.

FBI IC3 Financial Losses Attributable to BEC

Over the past five years, losses from BEC attacks have more than doubled, growing by a staggering 111% between 2018 and 2022. And in the eight years since the FBI IC3 began reporting on BEC, total losses have risen by more than 10x.

Additionally, although investment fraud recorded the highest total losses in 2022, the average amount lost per BEC attack was higher, at just over $125,600—a 300% increase since 2015.

FBI IC3 Average Losses per BEC Attack

Clearly, threat actors are continuing to see success with BEC attacks, which is why we can expect consistent growth in business email compromise for the foreseeable future.

Pig Butchering: An Emerging Type of Investment Fraud You Should Know

Investment fraud is nothing new. Indeed, Ponzi schemes have been around for over a century. But with the increasing pervasiveness of cryptocurrencies throughout the past few years, a new type of investment scam with especially costly consequences has been picking up steam: pig butchering.

Combining investment fraud and social engineering, pig butchering involves tricking targets into making large cryptocurrency investments through fake platforms over the course of several weeks or months. Once the bad actor has “fattened up the pig” (i.e., convinced the target to deposit all of their money into the account), they move forward with “butchering”—withdrawing the funds, closing the account, and blocking the target.

While pig butchering is just one type of investment fraud, its growing popularity along with its potential for higher-than-average payouts likely makes it a major contributing factor to the startling spike in losses attributed to investment scams in recent years. Between 2021 and 2022, the total losses due to investment fraud grew by 127%—from about $1.5 billion to $3.3 billion.

Phishing is Once Again the Most Common Cybercrime

In terms of total losses, phishing falls squarely in the bottom third of all attack types tracked by the IC3. However, what organizations must remember is that phishing is frequently just the first step in a variety of crimes.

Legacy technologies like secure email gateways (SEGs) can stop simple phishing attacks that contain obviously malicious links or attachments, but more advanced phishing messages often easily bypass SEGs. And when an employee engages with a phishing email, it puts the organization at considerable risk, as the information acquired enables threat actors to launch more damaging attacks like BEC, account takeover, and ransomware.

Its success as a “foot in the door” tactic is likely why phishing has been the most common cybercrime reported to the IC3 since 2019.

FBI IC3 Percentage of All Incidents Reported to IC3

And as threat actors have continually found new ways to make phishing attacks more convincing, the number of victims has steadily increased since 2019, only slightly declining between 2021 and 2022.

FBI IC3 Phishing Incidents Reported to IC3

The Need for a Modern Approach to Cybersecurity

What the 2022 Internet Crime Report drives home is how serious the threat of social engineering attacks has become and, as a result, how crucial it is for organizations to invest in innovative technology that can combat these attacks.

Modern cybercriminals are constantly refining their techniques and increasingly leveraging the same business tools that today’s organizations use to identify targets, source information, and craft convincing emails that allow them to trick employees. That means if your company is still relying on solutions that take an approach to email security that essentially hasn’t been updated in nearly two decades, you’re at a significant (and unnecessary) disadvantage.

The most effective way to protect your organization from sophisticated, socially-engineered threats like business email compromise is to implement intelligent email security technology that combines cutting-edge behavioral science with risk-adaptive detection.

See how Abnormal’s cloud email security solution detects and prevents the malicious emails that bypass traditional solutions. Schedule your demo today.

Schedule a Demo
2022 FBI IC3 Report Shows $2.7 Billion in Losses from Business Email Compromise

See Abnormal in Action

Get a Demo

Get the Latest Email Security Insights

Subscribe to our newsletter to receive updates on the latest attacks and new trends in the email threat landscape.

Get AI Protection for Your Human Interactions

Protect your organization from socially-engineered email attacks that target human behavior.
Request a Demo
Request a Demo

Related Posts

B Podcast Blog
Explore insights on AI, collaboration, career growth, and unforgettable stories from industry leaders shaping the future of cybersecurity.
Read More
B AI Vendor
Learn how to evaluate transparency, risks, scalability, and ethical considerations to make informed cybersecurity decisions.
Read More
B SOC Prod
Learn how AI-driven automation boosts SOC productivity by reducing false positives, addressing skills gaps, and enhancing threat detection. Discover strategies to future-proof your SOC and strengthen cybersecurity defenses.
Read More
B Proofpoint Customer Story F500 Insurance Provider
A Fortune 500 insurance provider blocked 6,454 missed attacks and saved 341 SOC hours per month by adding Abnormal to address gaps left by Proofpoint.
Read More
B Malicious AI Platforms Blog
What happened to WormGPT? Discover how AI tools like WormGPT changed cybercrime, why they vanished, and what cybercriminals are using now.
Read More
B MKT748 Open Graph Images for Cyber Savvy 7
Explore insights from Brian Markham, CISO at EAB, as he discusses cybersecurity challenges, building trust in education, adapting to AI threats, and his goals for the future. Learn how he and his team are working to make education smarter while prioritizing data security.
Read More