reported lost to BEC in the FBI's latest annual data — complaints up 15.5% year over year
FBI IC3 2025 Internet Crime Report · Calendar 2025
Invoice fraud, business email compromise, and push-payment scams — the verified numbers behind them in the United States, the European Union, Australia, Canada, and the United Arab Emirates. Every statistic card links to its primary source.
Last reviewed July 2026 · Sources: government and law-enforcement reports, central banks, industry bodies
cumulative global exposed losses (actual plus attempted) to business email compromise reported to the FBI and financial institutions, across 305,033 incidents in 186 countries
FBI IC3 business email compromise PSA · October 2013 – December 2023
reported lost to BEC in the FBI's latest annual data — complaints up 15.5% year over year
FBI IC3 2025 Internet Crime Report · Calendar 2025
of BEC-affected US organizations saw vendor impersonation — a fraudster posing as a supplier to redirect payment — now ahead of executive impersonation
AFP Payments Fraud and Control Survey, 2025 · Calendar 2024
lost to authorised push payment fraud in the UK — the one market with mandatory reimbursement, where 61% of losses were returned to victims
UK Finance Annual Fraud Report 2026 · Calendar 2025
FBI IC3 2025 Internet Crime Report · Calendar 2025
See the numbers →EBA/ECB 2025 Report on Payment Fraud · Calendar 2024
See the numbers →National Anti-Scam Centre, Targeting Scams report · Calendar 2025
See the numbers →Canadian Anti-Fraud Centre · Calendar 2025
See the numbers →UAE Financial Intelligence Unit, strategic analysis 2024 · 2021–2023
See the numbers →A scam family where a criminal impersonates someone a finance team trusts — most often a supplier or executive — through a compromised or lookalike email account, and redirects a legitimate payment to an account they control. Fake invoices and "we've changed our bank details" requests are its most common forms. The FBI has recorded $55.5 billion in global exposed losses to BEC over a decade.
Fraud where the victim is tricked into sending the payment themselves, so it is "authorised" — which is exactly why banks in most countries do not have to refund it. The same crime has different names: APP fraud in the UK, "manipulation of the payer" in EU data, BEC or wire fraud in the US, payment redirection in Australia.
The business-specific version: a fraudster poses as a supplier you already pay, and a genuine-looking invoice arrives with changed bank details. In AFP's US survey, 60% of BEC-affected organizations saw vendor impersonation — now ahead of executive impersonation (49%), with third-party impersonation the most-cited variant (63%).
Not directly. Each country counts differently — the FBI counts complaints filed with it, the EBA/ECB collect supervisory data from banks, Australia deduplicates five reporting systems, Canada logs voluntary reports. Every figure on these pages states exactly what its source measures, and each country page explains its own system.
Because most fraud is never reported to anyone who publishes statistics. The Canadian Anti-Fraud Centre estimates only 5–10% of victims report to it; Australia's National Anti-Scam Centre makes the same caveat. Reported-loss figures are floors, not totals.
Every statistic on these pages comes from a named government, law-enforcement, central-bank, or industry-body publication. Each stat card links to its source, and figures quoted in narrative text come from the same verified set. We record exactly what each figure measures, keep the original currency, and review the full set against the newest report editions. Reported losses understate the real problem — most payment fraud is never reported to anyone who publishes numbers.
PayHQ checks every supplier invoice against verified records and flags changed bank details before money moves. Live in days.