statistics banner

The most common scams targeted at businesses during 2020 were:

  • Purchase scams, where non-existent products and services were sold, with an average of $4,233 lost by businesses in each case.
  • Invoice scams, costing victims an average of $33,870 per case.
  • Impersonation scams which saw average losses of $8,466 per case.
  • While not among the most common, investment scams were the most damaging financially to businesses during 2020 with each case costing victims more than $38,099.

Identity Theft

Ransomware attacks: Ransomware as a service is the big problem for business. Easy-to-use ransomware as a service schemes are booming, accounting for almost two-thirds of ransomware campaigns during the past year.

In 2019, the IC3 reported 8.9 million in ransomware losses with over $29.1 million in losses in 2020. A 226% increase from the previous year.

Business email compromise: The cost of business email compromise is 64 times worse than ransomware. In fact, BEC comprised 37% of all losses in 2020 with over 1.8 billion reported to the FBI. This number does not include estimates of lost business, time, wages, files, or equipment, or any third-party remediation services acquired by a victim.

Wire Fraud continues to grow and becomes harder to detect. The BEC/EAC scheme has evolved to include compromise of personal emails, compromise of vendor emails, spoofed lawyer email accounts, requests for W-2 information, the targeting of the real estate sector, and fraudulent requests for large amounts of gift cards. The number of BEC/EAC complaints related to the use of identity theft and funds being converted to cryptocurrency is increasing.

FBI data shows a 700% growth in this area over the last five years.

Account takeover will increase: Account takeover is essentially doubling each year as criminals become more technically savvy and automated. Account takeover fraud remains an ongoing problem for financial institutions, e-commerce merchants, and virtually any organization that offers products or services that can be monetized.

Last year, account takeover fraud cost U.S. businesses nearly $7 billion in losses.

Remote working: Adapting existing controls to the remote working environment, the use of data and analytics in monitoring risks, and the proper balance between human and technological oversight will become more important as the 'new normal' takes hold. Compliance with regulatory controls should remain high priority for businesses, otherwise they create opportunity for criminals and risk regulatory investigations, leading to fiscal and reputational damages in the future. For many businesses, existing training on preventing wire fraud and other criminal attacks will need to be reinforced.

Cybercrime-as-a-service: Among the numerous services offered in the cybercrime underground, ransomware-as-a-service platforms, DDoS-for-hire platforms and spamming services will facilitate the emergence of new criminal organizations and speeds up the operations of existing ones.

Phishing kit developers will offer more refined products: Phishing kit developers will offer more refined products, further lowering the skill required to launch a phishing campaign. Attackers are improving the quality of their phishing campaigns by minimizing or hiding common signs of an imposter scam phish.

Deep fake technology for identity fraud: This technology will be used to attack call centers and for business email compromise scams.

More social engineering for authorized push payments (APP): These scams are extremely effective and defeat all controls such as authentication, device, and location analysis. Criminals just need to persuade people into authorizing a payment to them. These includes impersonating a supplier or contractor and sending a fake invoice to a business.

Security for the "phygital" shopping experience: Blending the elements of both a physical (curbside pickup, displaying your photo ID) and digital (selecting inventory and submitting payment, multifactor authentication) shopping experience together. The combined online and in-store shopping habits are here to stay for the long term.

With the threats to businesses being so diverse, all businesses need to improve their cybersecurity practices. We can help them do that through you. Learn how.

Copyrights © All Rights Reserved by eFraud Prevention, LLC