Sick of scam emails? Just forward them to Re:scam and enjoy the show

Posted on 11 Sep 2019 by Tim Brown

Scam emails cost people around the world billions of dollars each year. In Australia alone, in 2018, it is estimated that scammers took their victims for over AUD$500m (US$350m, £280m). And it isn't just individuals that are falling prey. Businesses are increasingly being targeted with fake invoices, phone messages and other malicious emails.

Indeed, cyber crime cost US businesses a collective $2.7bn in 2018, according to the FBI’s latest annual Internet Crime Report. 

Last year, the FBI received more than 20,000 complaints from organisations about what it terms, ‘business email compromise’ (BEC), a catch-all phrase for a number of crimes that leverage tactics ⁠— like phishing, targeted email spoofing and other forms of credential theft ⁠— to facilitate the fraudulent transfer of funds.

While more sophisticated tools and attack vectors tend to garner sexier headlines, the report made it clear that many hackers are still able to make a good living, exploiting common social engineering methods like BEC to the tune of $1.2bn in lost or stolen profits.

Reported loss of BEC Payroll Diversion in Millions of Dollars - source FBI
The graph shows the growth in losses just from “Payroll Diversion” fraud from BEC (scam emails) – source FBI

 

In fact, the FBI’s Internet Crime Complaint Center (IC3) estimates global ‘exposed dollar losses’ to business email compromise fraud has swelled to $26bn globally over the last three years. 

The $26 billion in exposed dollar losses include both actual losses and attempted BEC fraud, which occurred over 166,349 incidents in the US and rest of the world. Importantly to note, BEC scammers are targeting all ranges of businesses including small, medium and large organisations, according to the FBI.

So what can be done about scam emails? Re:scam them

[UPDATE}

Unfortunately, after sending 1,012,531 emails and wasting more than 5 years of scammers’ time, Re:scam has stopped operating. The Manufacturer is in touch with Re:scam to see if the initiative will be revived.

In 2017, New Zealand’s independent, non-profit online safety organisation, Netsafe, launched a system called Re:scam

Unlike most scam reporting options that require you to fill in long forms and rarely deliver any real results, with Re:scam you simply forward your scam email to [email protected] and it takes it from there.

While it is unlikely that Re:scam will bring the scammers to justice, a difficult (but not impossible) job for even the most well-resourced police department, it will at least slow them down. The system will employ a highly effective chatbot, with multiple personalities, to pretend to be a real person and respond to the scammer and waste as much of their time as is “in-humanly” (pun intended) possible.

You will even be sent a summary of the conversation the bot has had with the scammer and, as Netsafe writes on its website, “sometimes they can be quite funny!”

You can see a few examples of exchanges the video above. It looks brilliantly frustrating.

We might not be able to easily defeat scam or phishing emails. But hopefully we can slow down and frustrate the perpetrators of cyber crime with the help of Re:scam.

Statistics and employee awareness of scam emails

The following statistics were reported in victim complaints to the FBI’s IC3 between June 2016 and July 2019:

Domestic and international incidents: 166,349
Domestic and international exposed dollar loss: $26,201,775,589
   
The following BEC/EAC statistics were reported in victim complaints to the IC3 between October 2013 and July 2019:
   
Total U.S. victims: 69,384
Total U.S. exposed dollar loss: $10,135,319,091
   
Total non-U.S. victims: 3,624
Total non-U.S. exposed dollar loss: $1,053,331,166
   
The following statistics were reported in victim complaints to the IC3 between June 2016 and July 2019:
   
Total U.S. financial recipients: 32,367
Total U.S. financial recipient exposed dollar loss: $3,543,308,220
   
Total non-U.S. financial recipients: 14,719
Total non-U.S. financial recipient exposed dollar loss: $4,843,767,489

 

If you get a scam email, simply forward it on to Re:Scam and let their chatbots get to work