From Inbox to IT Desk: Inside Texas’s $1.35 Billion Cybercrime Threat to Businesses

Cybercrime is surging across the United States—and Texas is no exception. According to the FBI’s 2024 Internet Crime Report, Texans reported more than $1.35 billion in cybercrime losses last year, making Texas one of the top three states for total financial damage. Two of the most costly and common types of cybercrime were Business Email Compromise (BEC) and Tech Support scams—both of which increasingly target Texas businesses.

Business Email Compromise (BEC): Nearly $300 Million Lost in Texas

Business Email Compromise remains one of the most financially damaging threats to Texas businesses. In 2024, reported BEC losses in the state reached $293.5 million, placing Texas second in the nation, behind only California. 

What is BEC?

Business Email Compromise (BEC) is a sophisticated form of fraud that preys on trust in corporate email communications. The FBI defines BEC as a scam targeting businesses or individuals that regularly engage in wire transfers. Attackers gain unauthorized access to email accounts—either by hacking or through impostor tactics—and then monitor email traffic to mimic legitimate communication flows

How it works: 

1. Email Compromise or Spoofing 
   Attackers may hack into legitimate email accounts or use lookalike email addresses that appear nearly identical to real ones. A simple domain variation—like switching “@company.com” to “@cornpany.com”—can be enough to trick a busy or unsuspecting employee. 

1. Reconnaissance 
   Once inside or ready to impersonate, attackers study existing communication patterns—like invoice formats, vendor names, or executive writing styles—to make their requests look legitimate. 

1. Execution 
   The attacker sends an urgent email asking someone in accounting or operations to update payment details, wire money, or send sensitive documents. Because the email appears to come from a trusted source, the recipient often complies without double-checking. 

BEC is especially dangerous because it doesn’t rely on malware—it relies on human trust and routine. 

RealWorld Example: Manor ISD Loses $2.3 Million

In late 2019, Manor Independent School District, located near Austin, became the victim of a BEC scam that cost them $2.3 million. Cybercriminals posed as a vendor doing business with the district and successfully redirected three separate payments to fraudulent accounts. The scam wasn’t discovered until the actual vendor asked about missing funds. Although law enforcement was contacted and an investigation was launched, most of the funds were never recovered. 

This example shows how even public sector organizations with formal purchasing processes can fall victim to simple but highly effective email scams. 

Tech Support Scams Now a Major Threat to Businesses

Tech support scams have evolved beyond targeting consumers—now, small and mid-sized businesses in Texas are bearing the brunt. According to the FBI’s 2024 Internet Crime Report, Texas businesses and organizations lost $86.7 million to these scams in 2024—a 38% increase from 2023. Texas ranked among the top three states nationally in financial losses due to tech support fraud. 

How Businesses Are Targeted

These scams often involve attackers impersonating well-known software vendors or IT support, using deceptive popups, spoofed websites, or phone calls. They aim to: 

• Gain remote access to business systems 

• Deploy malware that steals credentials or sensitive data 

• Charge for fraudulent “support” services 

Unlike consumer-focused scams, corporate targets typically suffer data theft, system disruption, and financial loss through unauthorized payments or cleanup costs. 

RealWorld Example: Houston FBI Takedown of Phishing Tool Marketplace

In early 2025, the FBI’s Houston Field Office seized 39 online domains linked to a network selling phishing kits and fraud tools used in business-targeted email scams and tech support attacks. These tools enabled criminals to spy on company emails and extract credentials—often paving the way for wire fraud or data breaches. The FBI estimated that businesses nationwide, including Texas, lost millions of dollars through these schemes. 

This incident highlights how tech support scams are now part of broader, organized cybercrime operations targeting the business sector. 

Protecting Yourself and Your Business

As cyber threats evolve, it’s clear that no business—regardless of size or industry—is immune. From fake email requests to impersonated tech support calls, the most damaging attacks often rely on human error, not just technical vulnerabilities. The good news: with the right training, systems, and protocols in place, businesses can dramatically reduce their risk. 

Here are a few key precautions Texans can take to reduce risk: 

For Businesses:

• Implement multi-factor authentication on all email and cloud accounts 

• Train employees to recognize phishing attempts and tech support scams 

• Verify all fund transfer or software renewal requests with a second channel (such as a phone call) 
  

For Individuals:

• Never trust pop-up warnings or unsolicited calls claiming to be from tech support 

• Avoid granting remote access to unknown parties 

• Report scams immediately to the FBI’s Internet Crime Complaint Center (IC3) 
  
  

Cybercrime isn’t just a future threat—it’s a present-day reality costing Texas businesses and individuals hundreds of millions each year. Understanding the most common scams like Business Email Compromise and Tech Support fraud is the first step toward protecting your assets and your operations. 

To report a cybercrime or learn more, visit the FBI’s Internet Crime Complaint Center (IC3).