This article is more than 1 year old
Email scammers extract over $300m a month from American suits' pockets
FinCEN has recovered more than $500m to date
While you're sweating to make an honest crust, email scammers are counting at least $301m in untaxed takings every month in the US alone, according to research by the Financial Crimes Enforcement Network.
The FinCEN agency tallied the figures for 2018 (PDF) and found the number of suspicious activity reports describing business email compromises had more than doubled from around 500 per month in 2016, to over 1,100 per month last year.
Meanwhile, the number of scammers ballsy enough to impersonate a CEO or other members of the C-suite declined to 12 per cent, down from 33 per cent in 2017.
The total value of attempted scams more than tripled in the same period.
The agency revealed the favourite method of extracting payment information in 2018 involved fraudulent vendor or client invoices, with this method responsible for 39 per cent of incidents in 2018, up from 30 per cent in 2017.
American manufacturing and construction businesses were the top targets for business email fraud, in both 2017 and 2018.
FinCEN is a bureau of the US Department of the Treasury, established in 1990 to combat money laundering, terrorist financing and other financial crimes. In recent years, it has assumed a more active role in the cybercrim arena and cryptocurrency markets.
One of its specialist subjects is email scams, mostly involving fraudulent payment instructions sent to financial institutions or businesses in order to help criminals get their hands on corporate funds.
FinCEN said that, working with law enforcement agencies, it had managed to stop misappropriation of more than $500m via email to date – including $200m since 2017.
The agency has issued an updated advisory on email fraud schemes detailing red flags — developed in consultation with the FBI and the US Secret Service — that financial institutions may use to identify and prevent popular methods of email fraud.
The advisory also suggests that financial institutions could share information about accounts affiliated with email compromise schemes to identify risks of fraudulent transactions and money laundering – FinCEN can't force them to do this so it's asking nicely.
"FinCEN has been a global leader and innovator in countering BEC [Business Email Compromise] breaches and their devastating effects on businesses, individuals, and national security," said FinCEN director Kenneth Blanco.
"The Bank Secrecy Act data is a critical resource in combatting all types of financial crime. We hold, safeguard, and analyse that data and we share our expertise with law enforcement and our industry partners to help make America safer." ®