This Public Service Announcement is an update and companion piece to Business Email Compromise PSA I-060923-PSA posted on www.ic3.gov. This PSA includes new IC3 complaint information and updated statistics from October 2013 to December 2023.
Business Email Compromise/Email Account Compromise (BEC) is a sophisticated scam that targets both businesses and individuals who perform legitimate transfer-of-funds requests.
The scam is frequently carried out when an individual compromises legitimate business or personal email accounts through social engineering (PSA I-041124-PSA) or computer intrusion to conduct unauthorized transfers of funds. Often times BEC variations involve compromising legitimate business email accounts and requesting employees' Personally Identifiable Information in order to compromise other accounts that may be related to other scams.
The BEC scam continues to target small local businesses to larger corporations, and personal transactions while evolving in their techniques to access those business or personal accounts. Between December 2022 and December 2023, there was a 9% increase in identified global exposed losses. In 2023, the IC3 saw a growth in BEC reporting where funds were sent directly to a financial institution housing custodial accounts held by third-party payment processors, or peer-to-peer payment processors, and cryptocurrency exchanges (PSA I-041321-PSA and PSA I-082423-PSA) which directly contributed to the increase in global exposed losses.