Scam emails cost people around the world billions of dollars each year. In Australia alone, in 2018, it is estimated that scammers took their victims for over AUD$500m (US$350m, £280m). And it isn't just individuals that are falling prey. Businesses are increasingly being targeted with fake invoices, phone messages and other malicious emails.
Indeed, cyber crime cost US businesses a collective $2.7bn in 2018, according to the FBI’s latest annual Internet Crime Report.
Last year, the FBI received more than 20,000 complaints from organisations about what it terms, ‘business email compromise’ (BEC), a catch-all phrase for a number of crimes that leverage tactics — like phishing, targeted email spoofing and other forms of credential theft — to facilitate the fraudulent transfer of funds.
While more sophisticated tools and attack vectors tend to garner sexier headlines, the report made it clear that many hackers are still able to make a good living, exploiting common social engineering methods like BEC to the tune of $1.2bn in lost or stolen profits.
In fact, the FBI’s Internet Crime Complaint Center (IC3) estimates global ‘exposed dollar losses’ to business email compromise fraud has swelled to $26bn globally over the last three years.
The $26 billion in exposed dollar losses include both actual losses and attempted BEC fraud, which occurred over 166,349 incidents in the US and rest of the world. Importantly to note, BEC scammers are targeting all ranges of businesses including small, medium and large organisations, according to the FBI.
So what can be done about scam emails? Re:scam them
[UPDATE}
Unfortunately, after sending 1,012,531 emails and wasting more than 5 years of scammers’ time, Re:scam has stopped operating. The Manufacturer is in touch with Re:scam to see if the initiative will be revived.
In 2017, New Zealand’s independent, non-profit online safety organisation, Netsafe, launched a system called Re:scam
Unlike most scam reporting options that require you to fill in long forms and rarely deliver any real results, with Re:scam you simply forward your scam email to [email protected] and it takes it from there.
While it is unlikely that Re:scam will bring the scammers to justice, a difficult (but not impossible) job for even the most well-resourced police department, it will at least slow them down. The system will employ a highly effective chatbot, with multiple personalities, to pretend to be a real person and respond to the scammer and waste as much of their time as is “in-humanly” (pun intended) possible.
You will even be sent a summary of the conversation the bot has had with the scammer and, as Netsafe writes on its website, “sometimes they can be quite funny!”
You can see a few examples of exchanges the video above. It looks brilliantly frustrating.
We might not be able to easily defeat scam or phishing emails. But hopefully we can slow down and frustrate the perpetrators of cyber crime with the help of Re:scam.
Statistics and employee awareness of scam emails
The following statistics were reported in victim complaints to the FBI’s IC3 between June 2016 and July 2019:
Domestic and international incidents: | 166,349 |
Domestic and international exposed dollar loss: | $26,201,775,589 |
The following BEC/EAC statistics were reported in victim complaints to the IC3 between October 2013 and July 2019: | |
Total U.S. victims: | 69,384 |
Total U.S. exposed dollar loss: | $10,135,319,091 |
Total non-U.S. victims: | 3,624 |
Total non-U.S. exposed dollar loss: | $1,053,331,166 |
The following statistics were reported in victim complaints to the IC3 between June 2016 and July 2019: | |
Total U.S. financial recipients: | 32,367 |
Total U.S. financial recipient exposed dollar loss: | $3,543,308,220 |
Total non-U.S. financial recipients: | 14,719 |
Total non-U.S. financial recipient exposed dollar loss: | $4,843,767,489 |