This post is from Splunk, a Priceonomics Data Studio customer. Does your company have interesting data? Become a Priceonomics customer.
You’d never blindly send money to a stranger who emailed you asking for it, would you?
Don’t be so sure. In 2017 the Justice department announced that Google and Facebook had lost $100 million to one scammer who sent them fake invoices. The scammer, who posed as an Asian manufacturing, sent the company elaborately forged invoices the companies paid. If Google and Facebook could lose $100 million through this ploy known as “business email compromise,” perhaps your company is susceptible as well?
Given the growing prominence of electronic fraud, we decided to analyze just how much money is lost each year due to Internet fraud, which kinds of frauds are growing the fastest, and who is getting targeted.
Fraud, in general, is a deliberate deception with the intent for financial gain. It’s a very general term that could mean anything from stealing money from your employer to telling someone they have an unpaid bill and having them send the money to you.
Online fraud (also called Internet fraud or electronic fraud), is a version of fraud that uses the Internet to perpetrate either the deception or the money transfer aspect of a fraud. While online fraud is still considered its own category, to a certain extent, all fraud is becoming online fraud because the Internet is so pervasive.
It’s also worth noting the difference between fraud targeted at consumers versus fraud targeted at businesses. Consumer fraud typically receives a lot of media attention, but fraud targeting businesses is also quite pervasive.
So, just how much money is lost to fraud in the United States per year and how much of that fraud is online? One estimate puts the total fraud loss at approximately $180 billion per year, with online being the second largest category.
Online fraud is estimated at around $32 billion per year, however fraud loss is notoriously difficult to estimate. One reason is that many people never realize they were defrauded, hence it doesn’t get reported. This makes fraud an attractive proposition for criminals and also means sizing losses is challenging. What’s more, isolating the component of fraud that is online is challenging because the Internet touches so many of the above categories, from mortgage payments to wire transfers to online banking.
The FBI does, however, publish annual reports of online fraud losses reported to its Internet Crimes Complaint Center. While reported losses are only a small fraction of actual losses due to Internet fraud, the trends and classifications of crimes provide useful insights for what kinds of crimes are growing and where they are most prevalent.
In 2017, $1.4 billion dollars in electronic fraud was reported to the FBI, nearly twice as much as in 2013.
This $1.4 billion in losses was over 300,000 reported incidents with an average loss per incident of almost five thousand dollars.
Within the online fraud universe, the FBI categorizes crimes into various categories. This chart below shows the fraud losses by category and highlights the major source of vulnerability—your email inbox.
Forty percent of online fraud losses are the result of Email Compromise, sometimes referred to as Business Email Compromise (BEC) or Email Account Compromise (EAC). This fraud targets mostly businesses that regularly perform wire transfers. This type of fraud involves sending fake invoices to companies with the hope they are erroneously paid.
If you work in the accounting department of a company or regularly pay bills, be aware your inbox may not be what it seems. Hackers can very easily pose as trusted vendors or even spoof email addresses of your co-workers with relative ease.
Email compromise is the largest source of online fraud, but which electronic categories are growing the fastest and which are shrinking? The chart below shows the change in fraud loss by category from 2016 to 2017.
Most recently, tech support fraud has grown the fastest with a ninety percent growth rate. This type of fraud involves hackers gaining access to a victim’s computer or credentials by posing as a technical support service.
Perhaps most alarming is that email compromise is not only the largest source of fraud loss, but it grew at 88% between 2016 and 2017. Fraudsters are wise to the notion that email is a highly successful and lucrative vector of attack. Personal data breach, identify theft, and credit card fraud round out the top five fastest growing types of fraud. If there is any silver lining here, at least the fraud losses from Corporate Data Breaches shrank 36%.
According to the FBI, fraud is an issue that affects all age groups. However, more fraud loss is concentrated in older generations:
For some context, people over 60 make up less than 20% of the population yet a much higher percentage of the internet fraud loss in the United States. Elder fraud is currently the fastest growing form of elder abuse. As senior citizens may have substantial assets but less experience with Internet use, they are often successfully targeted by fraudsters.
Online fraud takes place everywhere throughout the United States, but its not evenly distributed. The following chart shows the number of Internet fraud reports by state in 2017 per 100,000 that live in the state.
Reported fraud takes place at the highest rate in Alaska, where the rate is nearly four times higher than North Dakota, the state with the lowest fraud rate. Alaska’s top spot in the fraud ranking is somewhat surprising given the state has low broadband access rates and the smallest percentage of elderly population in the United States. However, online credit card fraud is a particularly pervasive issue in Alaska, where the reported rate is twice the national average.
How big an issue is fraud loss for consumers versus businesses? Javelin Research, an online fraud research company, estimates that consumers lost $16 billion to online fraud in 2016. Previous estimates of total online fraud losses in the United States were pegged around $32 billion, meaning that roughly half of fraud loss is from businesses and the other half from consumers.
The Association of Fraud Examiners examines occupational fraud in various industries. The chart below shows the percentage fraud cases by industry (note these are all fraud cases, not necessarily online ones):
When it comes to businesses, fraudsters target the money and invoices. Not surprisingly, Financial Services, being closest to the money, has the highest rate of occupational fraud, with nearly 20% of all recorded cases. Notably, Government and Health Care have very high fraud rates; two industries where billing and invoice fraud is extremely common.
For consumers, guarding credit cards and account login credentials is the most important step to prevent fraud. However, for businesses, safeguarding accounts payable operations and having a very skeptical eye toward email inboxes may be the highest value method of preventing fraud losses.
Splunk Inc. turns machine data into answers with the leading platform to tackle the toughest security and IT challenges. See how businesses can combat fraud with The Essential Guide to Fraud.