FBI Reports Business email Compromise and Real Fraud surpass $2.4B

The following is a summary of the Department of Justice’s 2022 report on Business email Compromise (BEC) and Real Estate Wire Fraud (REWF). BEC is one of the fastest growing, most financially damaging internet-enabled crimes. It is a major threat to the global economy. In 2021, the Internet Crime Complaint Center (IC3) received BEC related complaints with claimed losses exceeding $2.4 billion. It should be noted that this is ONLY the complaints filed. I would expect the actual numbers to be much higher!

For context, the IC3 found yearly losses attributable to BEC actors were $360 million in calendar year 2016. The sophistication of BEC criminal actors and their ever- evolving tactics has similarly increased over time, likely driving the increased dollar losses. BEC actors have targeted large and small companies and organizations in every U.S. state and more than 150 countries around the world.

Business Email Compromise Timeline
FBI graphic: BEC Timeline

The report talks about two types of cybercrime that can harm real estate professionals and their clients: BEC and REWF. BEC involves using fake emails to impersonate company employees or executives to trick others into sending money to the criminals’ accounts. REWF is similar but targets people involved in real estate transactions.

Criminals who engage in REWF pose as parties in the transaction and directly communicate with the other parties to steal funds intended to pay for the real estate. According to a complaint database, victims from different levels of a real estate transaction have reported such activity. This includes title companies, law firms, real estate agents, buyers, and sellers. BEC and REWF are among the most financially damaging types of cybercrime and pose a significant threat to the US economy.

The FBI report provides examples and statistics to show how common and serious these types of fraud are in the real estate industry. For instance, in one case, criminals used fraudulent wire instructions to divert over $800,000 in closing funds from a real estate transaction. The report suggests that real estate professionals can take precautions to safeguard themselves and their clients from BEC and REWF. For example, they should verify wire transfer instructions with the client by calling a previously established phone number, not the one provided in the email or message.

The FBI encourages real estate professionals to report any suspected instances of BEC or REWF to the FBI’s Internet Crime Complaint Center (IC3). The FBI and the real estate industry can work together to combat these types of cybercrime and protect the industry and its clients from financial losses. The FBI has special mechanisms for intercepting these funds, although it is not guaranteed. It is essential to explore all possible options when dealing with this type of crime.

If you or your company fall victim to a BEC scam, it’s important to act quickly:

  • Contact your financial institution immediately and request that they contact the financial institution where the transfer was sent.
  • Next, contact your local FBI field office to report the crime.
  • Also file a complaint with the FBI’s Internet Crime Complaint Center (IC3).

NOTE: IC3.gov is the reporting site for the US. If you are outside the US, here are other reporting sites:

Resources 

Public Service Announcements from IC3


02.16.2022  
Business E-mail Compromise: Virtual Meeting Platforms
Between 2019 and 2021, the FBI IC3 has received an increase of BEC complaints involving the use of virtual meeting platforms.

04.06.2020  Cyber Criminals Conduct Business Email Compromise Through Exploitation of Cloud-Based Email Services, Costing U.S. Businesses More Than $2 Billion
Cyber criminals are targeting organizations that use popular cloud-based email services to conduct BEC scams.

09.10.2019  Business Email Compromise: The $26 Billion Scam
Business email compromise/email account compromise is a sophisticated scam that targets both businesses and individuals who perform legitimate transfer-of-funds requests.

FBI Report 


Paul Bergman runs a business strategy and cybersecurity consulting company in San Diego. He writes on cybersecurity and board management for both corporate and nonprofit boards.

Paul Bergman
Follow me