Are you concerned about escalating business email compromise (BEC) scams? You’re certainly not alone in your troubles. The distressing trend is growing, with worrisome figures showing a startling 81% increase in these underhanded attacks throughout 2022.

This issue has indeed landed squarely on all our radars. Within this blog post, we’ll be unpacking key facts and figures linked to BEC attacks, giving you a thorough understanding of this problem that’s sadly becoming all too common.

So do keep reading – there’s an awful lot to wrap your head around!

Key Takeaways

  • Business email compromise (BEC) attacks have increased by 81% in 2022, highlighting the growing threat of this type of cybercrime.
  • These scams are a global problem, with organisations reporting incidents in all 50 states and 177 countries. Over 140 countries have also been affected by fraudulent transfers.
  • BEC attacks cost businesses around $43 billion globally between 2016 and 2021, with an average breach costing a company about $5.01 million.
  • Account takeover (ATO) attacks, ransomware incidents, and data breaches are also on the rise, emphasising the importance of strengthening cybersecurity measures to protect against these nefarious activities.
Business Email Compromise

Statistics of BEC Attacks

BEC attacks, also known as business email compromises, have become a significant threat to businesses worldwide.

Global Statistics

As a business owner, marketer, or marketing manager, it’s crucial to understand the global statistics related to business email compromise (BEC) attacks. These figures can provide a clear picture of the magnitude and reach of this form of cybercrime.

Business Email Compromise
Statistical IndicatorsGlobal Statistics
Number of organisations that faced BEC attacks in 202177%
Percentage increase of BEC attacks from 2020 to 202118%
Percentage of nefarious emails impersonating enterprises accounted by BEC attacks in 202399%
Number of states and countries where BEC scams have been reportedAll 50 states and 177 countries
Number of countries that have received fraudulent transfersOver 140
Number of BEC complaints received by FBI in 202221,832
Estimated losses as a result of BEC complaints in 2022Over $2.7 billion
Percentage of BEC attacks opened by employees based on recent research28%
Comparison of the volume of BEC attacks to ransomware attacks in 2022BEC attacks doubled, surpassing ransomware attacks

These statistics underline the significant threat posed by BEC attacks. As a stakeholder in the business world, it’s critical to stay vigilant against these scams.

Microsoft Cyber Signals Report

Microsoft Cyber Signals shared some interesting facts. The report shows that there was a big rise in business email compromise (BEC) attacks. Over the last year, Microsoft found 35 million BEC attempts! This is a 38% increase in cybercrime activity using business emails.

Cybercrime-as-a-Service also had a boost, rising by 38% between 2019 and 2022. In just one year, BEC attacks increased by 81%. It has grown so fast in two years that it is now at an increase of 175%! These facts show us how important it is to stay safe from these threats.

Real Estate Sector Highlights

Homebuyers face many risks in the real estate sector. One big risk is business email compromise or BEC. In 2020, BEC was the top fraud in this field. Hackers often aim at real estate firms with BEC attacks.

Sadly, we did not expect this.

The FinCEN team has a lot to say about BEC in real estate. They show how it affects buyers most of all. So, if you work with houses and flats, stay alert! You need to shield yourself from cyber attacks like these ones.

What is Business Email Compromise?

Business Email Compromise (BEC) refers to a type of cybercrime where scammers use fraudulent emails to deceive individuals or organisations into taking certain actions, such as transferring funds or providing sensitive information.

Criminals often impersonate executives or trusted contacts to carry out these scams.


Business Email Compromise, also known as BEC, is a type of trick. Bad people use email to fool others for money or secret company details. They pretend to be someone else and make fake money requests.

It’s a smart scam that often hits businesses and people who move funds around legitimately. This kind of cybercrime through emails is very harmful. In fact, it caused about $5.3 billion in losses for around 24,000 US firms! Therefore, knowing how to spot a BEC attack is key for any business owner or manager out there.

How Criminals Carry Out BEC Scams

Crafty crooks use clever tricks to pull off BEC scams. Here’s what they do:

  1. Spoof email accounts: They use almost real company email addresses with slight changes. Your eye may not see the change, but it’s there!
  2. Pick their targets: These naughty people target all kinds of businesses. No one is safe from their tricks.
  3. BEC scams are king: An eye-popping 99% of reported Business Email Compromise attacks are BEC scams.
  4. Ask for strange payments: Don’t think they’ll ask for bank transfers only, oh no! They ask for gift cards, cash app transfers or money cards in 62% of cases.
  5. Use modern methods: Now, these guys move with the times. Some even use cryptocurrency to hide their tracks.
  6. Hide behind different emails: The reply-to address often differs from the sender’s address in BEC scam emails.

BEC Statistics in 2023

According to the Fortra report, BEC attacks are projected to increase by 70% in 2023 compared to previous years. The Abnormal Security report also highlights a significant rise in attempted fraud activity through email scams.

Furthermore, the Microsoft Cyber Signals report suggests that BEC will continue to be a prevalent and financially damaging cybercrime.

Fortra’s Report

Fortra’s 2023 report is here. It gives us a clear view of business email scams. The paper looks at the tricks that bad guys use in these attacks. Fortra uses facts from its own tools, Agari and PhishLabs, to study these cheats.

They’ve discovered how the cheats have changed over time and who they aim at. The most common ways used for these attacks were also studied using data from users’ emails by PhishLabs’ SEA solution.

Abnormal Security report

In the year 2023, a study by Abnormal Security caught our eye. They found a big jump in BEC attacks. The number went up by 55% in just six months! A lot of these were sneaky impersonation attacks.

Almost all bad emails faking to be from businesses, that’s about 99%, were BEC scams. These stats show how smart and harmful these email frauds can be!

Microsoft Cyber Signals report

The Microsoft Cyber Signals report found that cybercrime targeting business email increased by 38% between 2019 and 2022. This shows a worrying trend of criminals using technology to target businesses.

The report also reveals a spike in cybersecurity activity around business email compromise (BEC) between April 2022 and April 2023, with over 150,000 attempts every day. This highlights the urgent need for businesses to strengthen their cybersecurity measures to protect themselves from these attacks.

Impacts of BEC

BEC attacks can have severe impacts on businesses, with financial losses reaching millions of dollars. Protecting your organisation from these scams is crucial in today’s digital landscape.

Cost of BEC Attacks

The cost of BEC attacks can be high. Between 2016 and 2021, these attacks were estimated to cost businesses around $43 billion globally. Each breach resulting from a BEC attack costs a business about $5.01 million.

In 2022, the financial losses due to BEC scams increased by nearly 50%, reaching $300 million more than in the previous year. These numbers show how much impact these attacks can have on a company’s finances.

It is important for business owners to be aware of these costs and take steps to protect themselves against BEC scams.

Financial Impact on Businesses

BEC attacks can have a significant financial impact on businesses. In fact, the FBI found that these attacks resulted in $51 billion in exposed losses from 2013 to 2022. When medium and large-scale companies fall victim to BEC scams, they can suffer severe financial losses and reputational damage.

The cost of a successful BEC attack is substantial, with organisations losing around $2.4 billion – at least 17 times more than what ransomware generates per incident. These numbers highlight the devastating consequences that businesses face when targeted by BEC criminals.

Cybersecurity Industry Statistics

Business email compromise

The cybersecurity industry is constantly evolving to combat the increasing threats of cybercrime. Account takeover (ATO) attacks, ransomware incidents, and data breaches are on the rise.

Discover the latest statistics in this blog post and learn how you can protect your business from these nefarious activities. Read on to stay informed and safeguard your company’s assets.

Account Takeover

Account takeover attacks are becoming increasingly prevalent in the cybersecurity industry. These attacks involve hackers gaining unauthorised access to someone’s online accounts, often through methods like phishing scams or fraudulent activity.

In the United States alone, it is estimated that around 22% of adults have fallen victim to account takeover fraud. The financial losses from these attacks can be significant, with the average amount being a certain sum.

In fact, business email compromise (BEC) and account takeovers accounted for almost half of all fraud-related financial losses in 2018. Over the years, billions of dollars have been exposed as a result of business email compromise specifically.


Ransomware is a type of cyber attack that has become increasingly common and damaging. It involves malware that encrypts data, making it inaccessible until a ransom is paid. This means that businesses can lose access to their critical files and information, potentially disrupting operations and causing significant financial losses.

In fact, organisations in the US account for 47% of ransomware attacks, with small businesses being particularly vulnerable (37% of companies hit). With these alarming statistics, it’s crucial for businesses to prioritise cybersecurity measures and awareness to protect themselves from this growing threat.

Data Breaches

Data breaches can have significant consequences for businesses. In fact, 90% of data breaches are caused by phishing attacks. These attacks often target employees through deceptive emails or messages, leading them to share sensitive information or provide access to company systems unknowingly.

Small businesses are particularly vulnerable, with 46% of cyber breaches affecting companies with fewer than 1,000 employees. The impact of these breaches can be costly in terms of financial losses and damage to a company’s reputation.

It is important for businesses to stay informed about the latest cybersecurity statistics and take proactive measures to protect their data from such breaches.

BEC & Fraud

BEC, which stands for Business Email Compromise, is a type of fraud that has been on the rise in recent years. It involves criminals impersonating enterprises and using deceptive tactics to trick individuals or businesses into sending them money or sensitive information.

This type of fraud is becoming increasingly common, with BEC attacks making up 99% of attacks impersonating enterprises in 2023.

In fact, 77% of organisations faced BEC attacks in 2021, representing an 18% increase from the previous year. The impact can be significant, as there was a 65% increase in identified globally exposed losses from BEC fraud.

The FBI even reported BEC as a $51 billion threat.

It’s important for business owners and marketing managers to be aware of this growing issue and take steps to protect themselves and their organisations. By understanding what BEC scams are and how they are carried out, you can better safeguard your company against these types of fraudulent activities.

Additionally, reporting suspicious emails or incidents to the appropriate authorities can help combat this cybercrime.

Protection & Prevention

To protect yourself from business email compromise, being vigilant and taking proactive measures is crucial. Report suspicious activities to the relevant authorities, such as IC3 or the FBI, who provide resources and assistance for victims.

Additionally, ensure that your company has strong email security protocols in place, such as two-factor authentication and encryption. Regularly educate employees about phishing scams and how to identify fraudulent emails.

Implementing these protective measures can greatly reduce the risk of falling victim to a BEC attack.

How to Report

If you think you’re being targeted by a BEC email, it’s important to report the incident right away. You can do this by contacting law enforcement or filing a complaint with the IC3 (Internet Crime Complaint Center).

Reporting these incidents is crucial for the protection and prevention of cybercrime. By working together, we can help stop scammers in their tracks and keep our businesses safe from online fraud.

How to Protect Yourself

To protect yourself from BEC attacks, follow these important steps:

  1. Stay informed: Educate yourself and your employees about the risks and common schemes used in BEC attacks.
  2. Be cautious with emails: Scrutinise all emails, especially those that involve financial transactions or requests for sensitive information. Look out for suspicious email addresses, language errors, urgent demands, or unusual requests.
  3. Verify changes in financial transactions: If you receive an email requesting changes to payment instructions, contact the sender through a trusted phone number or in person to confirm the request is legitimate.
  4. Implement strong security measures: Use multi-factor authentication for email accounts and ensure systems are updated with the latest security patches and antivirus software.
  5. Train employees to identify BEC attacks: Conduct regular training sessions to help employees recognise signs of phishing attempts and teach them proper procedures for handling sensitive information.
  6. Establish clear protocols: Develop policies on handling large money transfers or requests for sensitive information. Ensure all employees are aware of these protocols and follow them consistently.
  7. Maintain good communication channels: Encourage an open environment where employees feel comfortable reporting suspicious emails or potential security breaches promptly.

Suggestions for Protection

To protect your business from business email compromise (BEC), here are some suggestions:

  1. Use strong email security measures, such as implementing two-factor authentication and encryption.
  2. Verify any requests for changes in account information through secondary channels or in person.
  3. Train your employees on identifying and protecting against BEC scams, including educating them about common phishing techniques.
  4. Regularly update and patch your software and systems to ensure they are secure against potential vulnerabilities.
  5. Maintain a culture of awareness and scepticism towards suspicious emails or requests, encouraging employees to report any fraudulent activities promptly.
  6. Establish clear procedures for financial transactions, including requiring multiple levels of authorisation and verification for large transfers.
  7. Review and monitor your financial accounts for unauthorised transfers or suspicious activity.
  8. Stay informed about the latest cybersecurity threats and trends by following reputable sources and organisations in the industry.


For more information on business email compromise and how to protect yourself, check out the Public Service Announcements from IC3, along with the FBI Report and FBI News and Multimedia.

Stay informed and stay safe in the face of these fraudulent activities.

Public Service Announcements from IC3

The IC3 has released public service announcements about business email compromise (BEC) statistics. One announcement explains that BEC is a sophisticated scam targeting businesses and individuals involved in legitimate transfers.

Another announcement reveals that BEC scams have resulted in losses of $43 billion, showing the seriousness of the issue. Also, based on victim complaints received by IC3, there has been an increase in BEC scams targeting the real estate sector.

The IC3’s 2022 Internet Crime Report indicates a 5% decrease in complaints compared to the previous year.

FBI Report

The FBI recently released a report on business email compromise (BEC) statistics. The report highlights their efforts in combating BEC scams and related cybercrimes. According to the Internet Crime Complaint Center (IC3), BEC scams were one of the top cybercrimes in 2022, affecting both businesses and individuals involved in fund transfers.

It’s important to note that organised crime groups are responsible for carrying out these financial frauds. The IC3 also identified exposed losses amounting to $51 billion due to business email compromise from 2013 to 2022.

This underscores the significant impact of BEC on businesses and individuals alike, making it crucial for everyone to stay informed and take measures to protect themselves against such threats.

FBI News and Multimedia

The FBI is actively researching and monitoring the Business Email Compromise (BEC) to combat the increasing threat of online scams and fraudulent schemes. They have recently released updated figures on BEC, revealing that billions of dollars have been lost due to these cybercrimes.

As business owners, marketing managers, and marketers, it is important for us to stay informed about such cybersecurity threats. By accessing the FBI News and Multimedia resources, we can learn about ongoing criminal investigations, loss prevention strategies, and measures taken against money laundering in relation to BEC attacks.

Let’s utilise these resources to protect our businesses from financial fraud and contribute to a safer online environment for everyone.

Business email compromise (BEC) attacks are a serious and growing threat to businesses worldwide. The statistics show that these fraudulent activities have increased significantly over the years, resulting in billions of dollars in losses. It is crucial for organisations to be aware of the risks and take proactive measures to protect themselves from BEC scams. By staying informed about the latest trends and implementing robust cybersecurity practices, businesses can safeguard their financial assets and sensitive information from falling into the wrong hands.


What is a business email compromise (BEC)?

Business email compromise (BEC) refers to a type of cybercrime where fraudsters trick individuals or businesses into transferring money or sensitive information through deceptive emails posing as legitimate entities.

How common are business email compromises?

Business email compromises are becoming increasingly common, with thousands of reported cases worldwide each year.

How can I protect myself and my company from business email compromises?

To protect yourself and your company from business email compromises, it’s important to implement security measures such as multi-factor authentication, employee training on recognising phishing attempts and verifying any financial requests through alternate means of communication.

What should I do if I suspect a business email compromise?

If you suspect a business email compromise has occurred or received suspicious emails requesting financial transactions or sensitive information, report it immediately to your organisation’s IT department or the appropriate authorities for investigation.

Can small businesses be targeted by business email compromises?

Yes, small businesses can also be targeted by business email compromises, as perpetrators often exploit vulnerabilities in communication processes regardless of the size of the organisation.

Leave a comment

Your email address will not be published. Required fields are marked *