14 DAY TRIAL // The US Federal Burea of Investigation (FBI) issued a public service announcement for companies across the US, warning about the rise in so-called BEC (Business Email Compromise) scams, also known as whaling attacks or CEO fraud.
The FBI alert comes just eight months after a previous warning, put out last August. Back then, the FBI was saying that, between October 2013 and August 2015, businesses around the world lost over $1.2 billion / €1.07 billion to these types of attacks.
Companies lost an additional $1.1 billion in the last eight months
Now, the FBI has updated these numbers and is saying that, between October 2013 and February 2016, businesses from all 50 US states and 79 countries reported losses of $2.3 billion / €2 billion from 17,642 reports.
This means that, between August 2015 and February 2016, companies lost an additional $1.1 billion / €0.97 billion. The FBI says that, from January 2015 up to February 2016, the number of victims that fell to BEC scams grew 270 percent.
A similar increase was also recorded by third-party observers, like cyber-security firm Mimecast, which reported at the end of 2015 a 55 percent rise in whaling attacks in Q4 2015, and then in March another 67 percent rise for Q1 2016.
BEC scams are the most lucrative cyber-crimes
BEC scams are popular because they're easy to carry out, don't require advanced technical knowledge, and allow crooks to trick victims out of large sums of money.
Compared to the alternative of running financial trojan botnets or ransomware operations, crooks don't need high-level programming skills, a huge server infrastructure, nor do they need to infect many victims to make larger profits.
Regular crime organizations can find it much easier to migrate to carrying out BEC scams when compared to running a DDoS botnet, banking trojan subnets, or dealing with faulty ransomware encryption that needs fixing before re-deployment. Sending a spoofed email is a thousand times easier than dealing with a Rijndael block cipher.