$1.3 Billion is a Lot of Money
The FBI says that reported losses due to Business Email Compromise attacks reached a whopping $1.3 billion in 2018, double the losses reported in 2017.
On the other hand, the number of ransomware complaints is down to levels reported in 2014.
There were 20,373 Business Email Compromise attacks reported last year, compared to 15,690 in 2017. The losses in 2017 were $676 million, but increased to a whopping $1.297 billion last year.
For ransomware attacks, there were 1,783 attacks reported in 2017 and 1,493 attacks last year. This represents $2.3 million in 2017 and $3.6 million last year (fewer attacks but more cost).
The Securities and Exchange Commission reported late last year that it investigated around a dozen companies that spent $98 million on Business Email Compromise scams.
Also remember that this only represents what was reported to the FBI. The total costs are unknown.
The drop in ransomware complaints probably means that people are getting better at backups and having emergency plans, so other than the massive ransomware attacks, people are beginning to understand what they need to do in order to avoid paying the ransom. Are you prepared?
On the other hand, it apparently means that businesses have not gotten their arms around the problem of sending money to scammers. The dollars basically doubled from 2017 to 2018. That is not a good sign.
The attacks are, for the most part, straightforward. Usually the scammers send someone an email asking to change the destination for a payment (an ACH or wire transfer into the scammer's account), or they create fake invoices and see if they get paid. Creating some processes should really reduce the likelihood of falling for an attack. One common thread to these scams is that they try to create a lot of urgency around getting the money out to them. They probably figure that the longer the request is in accounting, the greater the chance that the scam will be detected.
Train your employees to resist the temptation to respond to the urgency, to walk down the hall to executive row if some large or odd request comes in, and to follow the defined payment processes.
$1.3 billion is a number that is enough to get my attention. Does it get your attention?
Source: ZDNet.