Defining and Describing the Impact of Business Email Compromise

Business Email Compromise/Email Account Compromise (BEC/EAC) is a sophisticated scam that targets both businesses and individuals who perform legitimate transfer-of-funds requests. The scam is frequently carried out when a subject compromises legitimate business or personal email accounts through social engineering or computer intrusion to conduct unauthorized transfers of funds. Between June 2016, and July 2019, more than $26B in exposed dollar losses due to BEC/EAC were reported to the Federal Bureau of Investigation (FBI) Internet Crime Complaint Center (IC3).

en flag
nl flag
fr flag
de flag
pt flag
es flag

FBI Public Service Announcement  (I-091019-PSA)

  • Total U.S. victims: 69,384
  • Total U.S. exposed dollar loss: $10,135,319,091
  • Total non-U.S. victims: 3,624
  • Total non-U.S. exposed dollar loss: $1,053,331,166

The following statistics were reported in victim complaints to the IC3 between June 2016 and July 2019:

  • Total U.S. financial recipients: 32,367
  • Total U.S. financial recipient exposed dollar loss: $3,543,308,220
  • Total non-U.S. financial recipients: 14,719
  • Total non-U.S. financial recipient exposed dollar loss: $4,843,767,489

BEC and Payroll Diversion

The IC3 has received an increased number of BEC complaints concerning the diversion of payroll funds. Complaints indicate that a company’s human resources or payroll department receives spoofed emails appearing to be from employees requesting a change to their direct deposit account. This is different from the payroll diversion scheme in which the subject gains access to an employee’s direct deposit account and alters the routing to another account. (3)

In a typical example, HR or payroll representatives received emails appearing to be from employees requesting to update their direct deposit information for the current pay period. The new direct deposit information provided to HR or payroll representatives generally leads to a pre-paid card account.

Some companies reported receiving phishing emails prior to receiving requests for changes to direct deposit accounts. In these cases, multiple employees may receive the same email that contains a spoofed log-in page for an email host. Employees enter their usernames and passwords on the spoofed log-in page, which allows the subject to gather and use employee credentials to access the employees’ personal information. This makes the direct deposit requests appear legitimate.

Payroll diversion schemes that include an intrusion event have been reported to the IC3 for several years. Only recently, however, have these schemes been directly connected to BEC actors through IC3 complaints.

A total of 1,053 complaints reporting this BEC evolution of the payroll diversion scheme were filed with the IC3 between Jan. 1, 2018, and June 30, 2019, with a total reported loss of $8,323,354. The average dollar loss reported in a complaint was $7,904. The dollar loss of direct deposit change requests increased more than 815 percent between Jan. 1, 2018, and June 30, 2019, as there was minimal reporting of this scheme in IC3 complaints prior to January 2018.

Suggestions for Protection

Employees should be educated about and alert to this scheme. Training should include preventative strategies and reactive measures in case they are victimized. Among other steps, employees should be told to:

  • Use secondary channels or two-factor authentication to verify requests for changes in account information.
  • Ensure the URL in emails is associated with the business it claims to be from.
  • Be alert to hyperlinks that may contain misspellings of the actual domain name.
  • Refrain from supplying login credentials or PII in response to any emails.
  • Monitor their personal financial accounts on a regular basis for irregularities, such as missing deposits.
  • Keep all software patches on and all systems updated.
  • Verify the email address used to send emails, especially when using a mobile or handheld device by ensuring the senders address email address appears to match who it is coming from.
  • Ensure the settings the employees’ computer are enabled to allow full email extensions to be viewed.

If you discover you are the victim of a fraudulent incident, immediately contact your financial institution to request a recall of funds and your employer to report irregularities with payroll deposits.

As soon as possible, file a complaint regardless of the amount with www.ic3.gov or, for BEC/EAC victims, BEC.IC3.gov.


(1) Reference PSA 1-022118-PSA Increase in W-2 Phishing Campaigns 
(2) Exposed dollar loss includes actual and attempted loss in United States dollars 
(3) Reference PSA I-091818-PSA Cybercriminals Utilize Social Engineering Techniques to Obtain Employee Credentials to Conduct Payroll Diversion 


Read the complete alert at Business Email Compromise: The $26 Billion Scam

Additional Reading

Source: ComplexDiscovery

A Matter of Pricing? A Running Update of Semi-Annual eDiscovery Pricing Survey Responses

First administered in December of 2018 and conducted four times during the last two years with 334 individual responses, the semi-annual eDiscovery Pricing Survey highlights pricing on selected collection, processing, and review tasks. The aggregate results of all surveys as shared in the provided comparative charts may be helpful for understanding pricing and its impact on purchasing behavior on selected services over time.



Access the Results Now!

ComplexDiscovery combines original industry research with curated expert articles to create an informational resource that helps legal, business, and information technology professionals better understand the business and practice of data discovery and legal discovery.

All contributions are invested to support the development and distribution of ComplexDiscovery content. Contributors can make as many article contributions as they like, but will not be asked to register and pay until their contribution reaches $5.

A Cybersecurity Self Check? Medical Facilities Best Practice Test Criteria for Article 32 GDPR

According to the publishers, this paper is an aid to quickly...

Classifications, Concerns, and Concepts: Reference Architectures and the Industrial Internet of Things

The expected disruptive developments collectively referred to as the Internet of...

A Matter of Pricing? A Running Update of Semi-Annual eDiscovery Pricing Survey Responses

First administered in December of 2018 and conducted four times during...

Five Great Reads on eDiscovery for May 2020

From review market sizing revisions to pandemeconomic pricing, the May 2020...

A Running List: Top 100+ eDiscovery Providers

Based on a compilation of research from analyst firms and industry...

The eDisclosure Systems Buyers Guide – 2020 Edition (Andrew Haslam)

Authored by industry expert Andrew Haslam, the eDisclosure Buyers Guide continues...

The Race to the Starting Line? Recent Secure Remote Review Announcements

Not all secure remote review offerings are equal as the apparent...

Enabling Remote eDiscovery? A Snapshot of DaaS

Desktop as a Service (DaaS) providers are becoming important contributors to...

Revisions and Decisions? New Considerations for eDiscovery Secure Remote Reviews

One of the key revision and decision areas that business, legal,...

A Macro Look at Past and Projected eDiscovery Market Size from 2012 to 2024

From a macro look at past estimations of eDiscovery market size...

An eDiscovery Market Size Mashup: 2019-2024 Worldwide Software and Services Overview

While the Compound Annual Growth Rate (CAGR) for worldwide eDiscovery software...

An eDiscovery Market Size Mashup: 2018-2023 Worldwide Software and Services Overview

The annual eDiscovery Market Size Mashup estimates the combined worldwide eDiscovery...

A Matter of Pricing? A Running Update of Semi-Annual eDiscovery Pricing Survey Responses

First administered in December of 2018 and conducted four times during...

A Pandemeconomic Indicator? Summer 2020 eDiscovery Pricing Survey Results

Based on the complexity of data and legal discovery, it is...

COVID-19 Constrained? The Impact of Six Issues on the Business of eDiscovery

In the spring of 2020, 51.2% of respondents viewed budgetary constraints...

A Cause to Pause? eDiscovery Operational Metrics in the Spring of 2020

In the spring of 2020, 150 eDiscovery Business Confidence Survey participants...

eDiscovery Mergers, Acquisitions, and Investments in Q1 2020

From HaystackID and Everlaw to Cellebrite and Carbonite, ComplexDiscovery findings, data...

eDiscovery Technology Provider Everlaw Raises $62M

"Everlaw is changing the way legal teams uncover the truth buried...

OpenText Buys Secure Information Exchange and Unified Communications Leader XMedius

“We welcome XMedius’s customers, strong partner network and employees to OpenText,"...

TCDI Receives Private Equity Investment from Trivest Partners

“We are excited to partner with TCDI and Bill Johnson to...

Five Great Reads on eDiscovery for May 2020

From review market sizing revisions to pandemeconomic pricing, the May 2020...

Five Great Reads on eDiscovery for April 2020

From business confidence to the boom of Zoom, the April 2020...

Five Great Reads on Data Discovery and Legal Discovery for March 2020

From business continuity considerations to cybersecurity attacks, the March 2020 edition...

Five Great Reads on Data Discovery and Legal Discovery for February 2020

From cyber operations to pricing data points on eDiscovery, the February...