BEC Scams Cost Nearly $8.5 Billion in Three Years: FBI

The FBI’s Internet Crime Complaint Center (IC3) has published its 2024 Annual Report, revealing what officials describe as unprecedented levels of cyber-enabled fraud. Total losses last year surged to $16.6 billion, with business email compromise (BEC) remaining one of the most financially devastating attack vectors.

BEC ranked as the 7th most reported crime in 2024 with 21,442 complaints, yet it was the second highest in financial impact, resulting in nearly $2.8 billion in losses.

When viewed across a broader timeline, the scale is even more alarming. Between 2022 and 2024, organizations reported nearly $8.5 billion in BEC-related losses to IC3—highlighting its persistence and profitability for cybercriminal groups.

These findings align with the Association for Financial Professionals’ 2025 Fraud and Control Survey, which found 63% of organizations experienced a BEC attack last year. The AFP warned that BEC “remains a significant threat” to corporate finance teams.

New Nacha Rules—designed to curb fraud attempts like BEC and strengthen post-incident fund recovery—are expected to take effect in 2026.

Overall, IC3 received almost 860,000 cybercrime complaints in 2024. Phishing and spoofing topped the list with 193,407 reports, while ransomware logged 3,156 cases, ranking 20th. Even so, FBI Operations Director B. Chad Yarbrough labeled ransomware “the most pervasive threat to critical infrastructure.”

Cyber-enabled fraud accounted for a staggering 83% of all reported financial losses, totaling $13.7 billion. This includes emerging schemes such as fraudulent “unpaid toll” demands, which generated over 59,000 complaints.

Yarbrough noted the dramatic rise in cybercrime reporting: IC3 once averaged 2,000 complaints per month—today, it receives more than 2,000 per day.