In the US alone, over $300 million is stolen by email scammers each month, according to research.
The Financial Crimes Enforcement Network (FinCEN) found that in 2018, the number of suspicious emails reported that threatened to compromise businesses, had doubled from 500 in 2016 to 1,100 last year.
Ilia Kolochenko, founder and CEO of web security company ImmuniWeb, has commented: “These scary numbers are just the tip of the BEC (Business Email Compromise) formidable iceberg. Many small businesses do not report such incidents due to unawareness that a legal recourse may exist, or luck of hope to recover the stolen monies. Large organizations may likewise conceal the losses not to spoil their reputation”
As part of the US Department of the Treasury, FinCEN was created in 1990 to deal with terrorism, money laundering, and financial crimes. However, they have been used more in recent years to combat higher levels of cybercrime, specialising in email scams.
According to moneycrashers.com, a money specialising website, scammers take money from correspondences through methods such as fake lottery scams, online banking tricks or survey scams.
For businesses, online fakers are able to get their hands on the money through fake payment instructions sent to recipients.
The rise of the cyber criminal
The cyber criminals that impersonate those at the tops of the companies, has gone down to 12% from 33% in 2017 according to the report.
But, in the same time period, the number of attempted scams has tripled.
The most popular method of taking money in 2018 was by using fraudulent vendor or client invoices. This was up to 48% from 39% the previous year.
The industries that are consistently the biggest targets for email fraud are manufacturing and construction businesses.
The real cost of scamming
To date, FinCEN says they have stopped $500 million being taken through email scams.
However, Kolochenko suggests that money lost in this type of crime isn’t just as a direct loss. He says, “Importantly, we also have to consider many other indirect costs of cybercrime. For example, growing spending on protracted and otherwise complicated due diligence on clients and partners that victims usually impose after losing money, let alone costs of investigation and legal expenses. Often a victory in a courtroom is nominal, as more money is lost than recovered or the defendants are judgment proof having no money to restitute the victims.”
How to avoid the problem
Advise has been issued about how to avoid email scams from FinCEN. This was put together with the FBI and the US Secret Service They suggest that companies could share information on accounts when they suspect red flags.
In protecting businesses from email scams, Kolochenko suggests that: “Organizations have to increasingly invest in continuous cybersecurity education of their human capital. No technology can resolve or mitigate all risks and threats without well-prepared people behind it. Contrariwise, even with imperfect or flawed technology, learned people will easily repel most of the phishing and similar attacks. From a technology standpoint, organizations should invest in continuous security monitoring practices. Yearly or even quarterly audits are insufficient to resist the growing volume and sophistication of cybercrime.”
Getsafeonline.org, a website that specialises in being safe on the internet, says email scammers can be spotted in various ways. For example, through an unrecognised or suspicious email address (for example, it may contain odd spelling mistakes), if the message contains a virus warning or the subject line and contents of an email don’t match.
The site says that for online protection, people should not open an email they suspect or make purchases connected to spam email. They recommend reporting phishing emails.