Email scams are already the most expensive cybercrime

A shopping spree in Beverly Hills, a luxury vacation in Mexico, a bank account that went from $299 to $1.4 million overnight. It looked as if Moe and Kateryna Abourched had hit the jackpot, but their sudden wealth didn’t come from some lucky numbers.

In reality, what happened was that a school district in Michigan was tricked into sending its monthly health insurance payments to the bank account of a nail salon owned by the Abourcheds, according to a search warrant filed by a U.S. agent. Secret Service in federal court.

Police say the school district — and taxpayers — were victims of an online scam known as Business Email Compromise, or BEC, a type of fraud in which Criminals hack email accounts, impersonate another person or institution, and trick victims into sending money elsewhere.

The couple claims to be innocent and has not yet been charged with any crime.

BEC scams get far less attention than massive “ransomware” attacks – in which hackers break into networks and encrypt data in return for ransom payments – which have prompted a strong government response.

Yet BEC scams have been by far the costliest type of cybercrime in the United States for years, according to the FBI, siphoning billions of dollars from the economy as authorities work to combat it.

The huge profits and low risks associated with BEC scams have attracted criminals all over the world. Some even flaunt their ill-gotten gains on social media, posing for photos next to luxury cars like Ferraris, Bentleys and piles of cash.

“The scammers are extremely well organized and the law enforcement agencies are not,” admitted Sherry Williams, director of a San Francisco nonprofit organization that was recently duped by one such BEC scam.

Nationwide losses from BEC scams in 2021 were nearly $2.4 billion, according to a new FBI report. That’s a 33 percent increase from 2020 and more than 10 times from just seven years ago. And experts say many victims never file complaints and the FBI figures are just a tiny fraction of the total money stolen.

In the case of Williams, the director of the nonprofit in San Francisco, the thieves hacked into the email account of the company’s accountant and then inserted themselves into a long message thread, sending out emails asking to change electronic payment instructions for someone who won a scholarship and $650,000 was stolen.

When he found out what happened, Williams contacted law enforcement, but says his efforts got nowhere.