FBI figures show a 107 percent increase from 2017 to 2018 in “Business Email Compromise” complaints, known as BEC, in the bureau’s Pittsburgh region.
BECs occur when victims with access to company finances are convinced through phishing emails, phone calls or other methods that they are conducting a legitimate business transaction—but instead, the money ends up in accounts controlled by organized crime groups.
Data show there were 163 local BEC complaints totaling $5.6 million in 2017. That jumped to 247 complaints the next year worth $11.7 million. The trend matches ransomware complaints, which rose in value from just over $1000 to $5,000 in the same period.
Doug Olson, assistant special agent in charge at FBI Pittsburgh, said there are several reasons why those numbers are up.
“Reporting is higher. I think we have a really effective outreach program, and one of the byproducts of that is better reporting.”
Since the FBI began tracking BECs 2013, officials report "organized crime groups have targeted large and small companies and organizations in every U.S. state and more than 100 countries around the world—from non-profits and well-known corporations to churches and school systems." Losses are estimated in the billions of dollars and climbing.
Olson says a robust economy locally has also resulted in the creation of more small- to medium-sized businesses, which "are very focused on growth, so maybe they haven’t made that investment yet in hardening their networks and educating their employees.”
When malicious cyber actors successfully attack a business or organization, they often repeat the attacks in the same areas with the same types of victims. Olson said the best protection is often a good defense. He recommends hardening networks, having back-ups in place and educating employees and all users on how to spot phishing emails. He also suggests firms establish a relationship with the FBI and report all attacks.
Read more Pittsburgh Business Report stories here.