Business E-mail Compromise Survey Report
BEC (Business E-mail Compromise: BEC) has become widely known since the Federal Bureau of Investigation (FBI) released information about it in 2015, but losses linked to BEC scams continue to grow. According to the data on incidents reported to the FBI's Internet Crime Complaint Center (IC3), the combined number of victims inside and outside the US was 22,143 with losses amounting to approximately 3.1 billion US dollars ($3,086,250,090) from October 2013 to May 2016, but the corresponding figures for the period from June 2016 to July 2019 surged to 166,349 and 26.2 billion US dollars ($26,201,775,589), respectively.
In Japan, organizations such as Information-technology Promotion Agency, Japan (IPA), the National Police Agency, and Trend Micro started releasing information about BEC to alert the public in 2017. Around the end of 2017, losses incurred by Japanese organizations due to BEC scams were widely publicized, and in 2018 businesses started receiving scam e-mails in Japanese, highlighting the need to be increasingly vigilant against the BEC threat in Japan.
In light of these circumstances, JPCERT/CC decided to conduct a survey and interviews on BEC, thinking it was necessary to clarify the actual nature of the threat and, based on its findings, disseminate informationabout measures and responses that organizations in Japan should take in order to minimize losses related to BEC.
This report provides information about specific actions that will be effective against BEC, considering how this threat has developed and transitioned based on the survey results along with information publicly available.
We hope that you find this document useful in considering measures against BEC.
Date | Title | |
---|---|---|
2020-06-11 | Business E-mail Compromise Survey Report |
PDF Signature 1.62MB |