Cybercriminals who scam businesses into transferring funds to them through phony emails attempted to steal more than $300 million a month last year, with manufacturing and construction firms being the top targets, according to a U.S. government report.
The Treasury Department’s Financial Crimes Enforcement Network (FinCEN) said financial institutions filed more than 1,100 suspicious activity reports (SAR) involving so-called business email compromise (BEC) scams in 2018, up from nearly 500 per month in 2016.
The total value of attempted BEC thefts climbed to an average of $301 million per month in 2018 from only $110 million per month in 2016, FinCEN said.
The report also found that scam methods are evolving, with the use of fraudulent vendor or client invoices growing, in part because of the potential for greater financial gain and because the business community may have become more aware of scams using fraudulent emails impersonating the CEO or president of a company.
Impersonation emails accounted for 33% of scams in 2017, making them the most popular methodology, but declined to 12% last year. The use of fraudulent vendor or client invoices grew from 30% of scams in 2017 to 39% in 2018, becoming the most common BEC method.
The average transaction amount for BECs impersonating a vendor or client invoice was $125,439, compared with $50,373 for impersonating a CEO, FinCEN noted.
BEC scammers generally target organizations that conduct large wire transfers in the course of their usual business and rely on email to process transfers. “Recent reporting indicates that other financial products, such as convertible virtual currency, automated clearing house transfers, and gift cards, can be used in BEC schemes,” according to FinCEN.
Manufacturing and construction were the most targeted sectors in both 2017 and 2018, representing 20% of all suspicious transactions in 2017 and 25% in 2018. One-third of those transactions listed a foreign beneficiary.
“Regular interactions with overseas suppliers, who may require regular use of wire transfers for payment, and publicly available client information likely make manufacturing and construction companies particularly susceptible to BEC fraud,” FinCEN said.