The US Federal Bureau of Investigations (FBI) released its 2019 Internet Crime report via a post to its website. The annual report examines criminal cyber activity, including eCommerce fraud. It states that the bureau received an average of 1,300 complaints per day about internet crime, with $3.5 billion lost to fraud.
According to the report, the types of fraud did not increase in 2019. However, Donna Gregory chief of the FBI’s Internet Crime Complaint Center (IC3), stated that fraudsters worked hard to refine and perfect the strategies and tactics they use to commit known types of fraud.
“Criminals are getting so sophisticated,” he said. “It is getting harder and harder for victims to spot the red flags and tell real from fake.”
This year, a main focus is on business email compromise (BEC). IC3 received 23,775 BEC complaints in 2019. Victims lost $1.7 billion. Fund diversion attacks increased the most.
This fraud takes several forms. One common tactic is to impersonate an executive and ask an employee to transfer funds immediately due to urgent circumstances. A second common tactic is payroll diversion. This fraud diverts salaries into a fraudulent account. According to the IC3, payroll fraud increased in 2019.
“In this type of scheme, a company’s human resources or payroll department receives an email appearing to be from an employee requesting to update their direct deposit information for the current pay period,” the report said. The change instead routes an employee’s paycheck to a criminal.”
BEC is an increasingly profitable fraud due to a lack of security features in popular email programs. In addition, what started out as a tactic of attempting to impersonate executives has evolved into something much more sophisticated. Today’s fraudsters will make sophisticated requests that accurately impersonate employees via data scraping and other dark web techniques.
“Over the years, the scam evolved to include compromise of personal emails, compromise of vendor emails, spoofed lawyer email accounts, requests for W-2 information, the targeting of the real estate sector,and fraudulent requests for large amounts of gift cards,” the report said.