Thanks to the long-running Nigerian Prince Scam, business email compromise (BEC) attacks are most commonly associated with the African country that gives the scam its name.

And with good reason too. Half of all email scammers are located in Nigeria, according to phishing defence company Agari.

But a year-long investigation by the security firm reveals a sprawling network of BEC scammers and a tangled web of money mules spread across 50 countries.

Nigeria is at the centre of this web, but the US is the second-largest hotspot, accounting for 25% of email scammers.

Agari’s Cyber Intelligence Division (ACID) identified money mules in every state – including the District of Columbia, home to the law-making capital of Washington DC.

Nearly half of US scammers were located in the states of California, Georgia, Florida, Texas and New York.

How well do you really know your competitors?

Access the most comprehensive Company Profiles on the market, powered by GlobalData. Save hours of research. Gain competitive edge.

Company Profile – free sample

Thank you!

Your download email will arrive shortly

Not ready to buy yet? Download a free sample

We are confident about the unique quality of our Company Profiles. However, we want you to make the most beneficial decision for your business, so we offer a free sample that you can download by submitting the below form

By GlobalData
Visit our Privacy Policy for more information about our services, how we may use, process and share your personal data, including information of your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.

BEC attacks, in which a fraudster uses email to scam organisations into transferring funds, have been steadily on the rise each year.

According to the FBI, this cost organisations more than $26bn globally between 2016 and 2019. The real figure is likely to be higher because not all incidents are reported.

Money mule networks

Mules play a crucial role in this criminal enterprise, laundering stolen funds and moving them offshore.

Agari uncovered a total of 2,900 money mule bank accounts, with more than 900 of these located in the US.

Hong Kong is a popular destination for laundering money, with the average amount requested to money mules standing at $247,000 – six times higher than in the US.

Across the criminal groups tracked by Agari, a total of $64m was requested from organisations.

“A CISO I spoke to just last week explained her number-one goal is customer trust – to earn it, maintain it and respect it,” said Agari Chief Identity Officer Armen Najarian.

“The information unveiled today as a result of our ACID team’s investigations enables CISOs to learn something new about the threat landscape they are working in and how to adapt their security controls to stay out ahead of fraudsters. And ultimately those actions taken by the CISO organization earn and sustain consumer trust.”

Read more: Russian BEC gang Cosmic Lynx fakes M&As to steal millions