BEC Scammers Are Expanding from Nigeria to the US, Research Finds

  • Nigeria is no longer the hub of BEC operations
  • Many cybercriminals now operate from inside the US
  • BEC scammers use people working from home to help them get a hold of the money


Business email compromise (BEC) is a global problem responsible for $26 billion in losses since June 2016, and the latest Agari research shows that the distribution of threat actors is much more diffuse, now covering more than 50 countries.

Because only high-profile BEC attacks ever reach the news, it’s easy to imagine that this type of fraud involves millions of dollars and that it only happens at very high levels. But the opposite is true, with BEC accounting for 40 percent of all cybercrime losses, and, in most cases, criminals only look to steal amounts small enough that they don’t raise immediate red flags.

In the past, Nigeria was the hub for most of these scams, but, just like the victims, the attackers are now highly multinational. Now, BEC attacks stem from more than 50 countries, with a quarter of all attackers residing in the United States, including California, Georgia, Florida, Texas, and New York.

Of course, these types of operations wouldn’t be possible without “mules,” people who willingly or unwittingly help the scammers retrieve the money.

“Over the course of 15 months, we collected 2,900 mule accounts in 39 countries, through which scammers intended to receive more than $64 million in stolen funds from BEC victims,” found the Agari research. “While 80% of these mule accounts were located in the United States, the requested payment amounts destined for those accounts were significantly lower than other countries.”

The average payment to US-based mule accounts was $39,500, but the payment made to accounts based in Hong-Kong was, on average, $257,300, which is significantly more.

Not surprisingly, the COVID-19 pandemic helped attackers find more victims to help them. Many people lost their jobs and turned to freelance, working from home. In many situations, they were helping BEC scammers move money around.

“After a victim accepts the ‘job,’ they are put to work doing a variety of different tasks, which could include receiving and reshipping goods, receiving ‘payments’ from clients, or printing and sending checks,” states the research. “Of course these tasks are all part of fraudulent schemes the victim is unknowingly a part of.”

It’s becoming evident that BEC attacks are spreading across the world, affecting more businesses than ever. Now, with a foothold in so many countries, criminals have a much easier time finding mules and new targets.