Scam email explodes: 50 percent increase in Q1 2019, says Symantec

Whatever numbers you look at, business email compromise (BEC) scams have become a massive industry over the past five years. 

The scam earns a small group of criminals hundreds of millions each month through trickery, often without the aid of malware or exploits for software vulnerabilities. 

The FBI estimates that email scammers have conned businesses globally out of $12 billion in payments over the past five years that were wired, often in large sums, to fraudster-controlled accounts. 

In the US, financial crimes authority FinCEN recently reported that victim businesses are wiring about $300 million a month to scammers, usually to US bank accounts controlled by money mules, who then forward the funds onwards and out to foreign bank accounts. 

BEC scams typically involve fabricated payment instructions purported to come from a senior executive of a company or from a business partner or supplier. In some cases, email accounts have been hacked or spoofed, but other attacks rely purely on social engineering.