On March 17, the FBI released its seminal annual Internet Crime Report. Once again, socially-engineered attacks (including business email compromise, spoofing, and phishing) by far were the number one cybercrime by financial loss, accounting for $2.1 billion of the $4.2 billion in losses to U.S. businesses and consumers. These attacks utilise impersonations to get companies to transfer money to fraudulent accounts and pose significantly more financial danger to an organisation than well-known tactics such as malware and ransomware.
As the FBI noted in its report, “fraudsters have become more sophisticated by evolving their techniques to use social engineering to compromise vendor email accounts and use stolen identities to establish bank accounts to receive stolen funds through invoice fraud.”
