BEC Attacks Become a Highly Remunerative Line of Business for Cybercriminals

Business Email Compromise (BEC) attacks have become a highly remunerative line of business for threat actors. New research from the APWG (Anti-Phishing Working Group) shows how much money enterprises are losing to BEC attacks. In its “Phishing Activity Trends Report,” APWG highlighted that the average wire transfer loss from BEC attacks surged from $54,000 in Q1 2020 to $80,183 in Q2 2020, as cybercriminals expected high returns.

In a BEC attack, cybercriminals first steal legitimate business email account credentials, which they later use to run financial fraud campaigns involving fraudulent email messages, requests for out-of-channel funds transfers, and deletion of accounting trails.

BEC: A Lucrative Attack Vector

According to the report, BEC attackers demand 66% of funds in the form of gift cards, and the average amount of gift cards requested during Q2 of 2020 was $1,213, down from $1,453 in Q1 of 2020. In addition, the number of phishing sites detected in Q2 of 2020 was 146,994, down from the 165,772 observed in Q1 of 2020. Phishing attacks targeting the social media industry increased in Q2 by about 20%, with the most targeted attacks against Facebook and WhatsApp.

Threat from Russian Hackers

The research also found activity by a BEC gang in Russia known as “Cosmic Lynx,” in addition to the West African scammers targeting organizations with BEC attacks. The average ransom demanded by the Cosmic Lynx group is about $1.27 million. “We were expecting that Russian cybercriminals would move into the world of BEC because the return on investment for basic social engineering attacks is much higher than launching more sophisticated (and more expensive) malware-based attacks,” the report said.

A Rising Concern

Recently, the FBI warned that organizations that use cloud-based email systems are at high risk of BEC attacks. The bureau warned employees about email scams that begin with phishing kits designed to mimic two popular cloud-based email services, luring employees into compromising business email accounts and misdirecting funds transfers. The FBI stated that its Internet Crime Complaint Center (IC3) received complaints, between January 2014 and October 2019, claiming more than US$2.1 billion in losses from BEC scams.
