According to Cybersecurity Dive, “Americans lost $16.6 billion to cyber fraud and internet crimes last year (2024), up 33% from the previous year. Phishing, spoofing and extortion topped the list of complaints, but investment and business email compromise (BEC) scams cost victims the most money.” Yes, phishing continues to be a significant cause of BECs, even though employees think they can spot them.
A recent report by Fortra concludes that BECs jumped 37% between May and June 2025, showing that BECs continue to be a money maker for threat actors and will no doubt continue to plague businesses: “Credential phishing was the most common cash-out method, with 46.2% of all methods used. This suggests that BEC threat actors are adapting their tactics to target specific vulnerabilities in the business world.”
Fortra’s key findings:
- BEC attack volume increased by 37% in June 2025 compared to May 2025.
- Credential phishing was the most common cash-out method in June 2025.
- FIRE identified 24 cryptocurrency scams with 14 unique wallets used by scammers during the month.
- The average amount requested in wire transfer attacks decreased by 26% in June 2025 compared to May 2025.
- Specialty banks were the most common institutions used for payroll diversion scams in June 2025.
- 57% of BEC attacks originated from free webmail providers, while 43% came from maliciously registered domains during June.
- The United States was the primary location for BEC threat actors in June 2025.
These findings help organizations assess risk and devote resources to combating threat actors’ changing techniques. BECs continue to be a significant risk for organizations, so tools and training are still valid prevention measures.