A look at the FBI’s Internet Complaint Center indicates Business Email Compromise (also known as CEO Fraud and Social Engineering Fraud) topped the list of fraud complaints by a huge margin.

• Business Email Compromise: 360 Mill
• Corporate Data Breach: 95 Mill
• Personal Data Breach: 59 Mill
• Vishing, phishing, etc: 31 Mill
• Denial of Service / DDOS attacks: 11 Mill
• Malware: 3.8 Mill
• Ransomware: 2.4 Mill
• Virus: 1.6 Mill
   

In terms of total damage, business email compromise inflicted a total of 360 Million in 2016 alone. According to FBI’s statistics here, compiled from October 2013 to December 2016, there were a total of 22,292 US victims with a total dollar loss of 1.594 Billion which is an average of 71,000 per victim.  The FBI was also quick to point out (what many cyber experts have been warning): CEO fraud is evolving to smaller and mid-sized businesses.

In business email compromise attacks, cyber criminals will often study their targets, then send a fraudulent request appearing to be an invoice or transfer request from a 3^rd party contractor, supplier, accountant or attorney (among others). These emails can be difficult to detect as they often exactly mirror an authentic request. Occasionally these attacks escalate into other cyber incidents such as a follow up ransomware attack. The best way to defend against such schemes is through a combination of 1) employee training, 2) dual verification of transfer requests and account numbers and 3) placement of strong social engineering coverage.

A deeper look at the statics yields some other interesting findings. Viruses and malware combined inflicted more than twice the damage than ransomware attacks last year totaling 5.4 Mill. With 2017 being a busy year for ransomware, this statistic may change. It should be pointed out, as noted by Krebs On Security: it is estimated only 15% of fraud crimes are actually reported, which would inflate the below figures roughly 7 fold. It also appears the majority of fraud affects those over 50 – likely due to being move vulnerable and less educated on technology/cyber crimes.