Business Email Compromise (BEC) attacks have become the most common email threats across various sectors, giving rise to many social engineering and financial frauds. In a BEC attack, threat actors initially pilfer credentials of targeted business email accounts, and later use them to launch phishing and social engineering attacks on unwitting employees. Besides, threat actors often use stolen credentials to launch financial fraud campaigns like fraudulent email messages, requests for out-of-channel fund transfers, and deleted accounting trails.
According to the 2021 Business Email Compromise Report from GreatHorn, of all security incidents suffered by organizations last year, BEC attacks accounted for 50%, resulting in other kinds of threats like loss of data (16%), compromised accounts (36%), and payment fraud (16%).
- Spoofing email accounts (71%) and spear-phishing attacks (69%) are the most common type of BEC attacks.
- Nearly 30% of organizations claimed that over 50% of malicious links are received via emails, which are intended to steal credentials.
- 34% of respondents stated that the finance department is the most targeted and frequent victim of spear-phishing attacks.
- Over 65% of security experts admitted that their organization has suffered a spear-phishing attack in 2021.
Information is Wealth
Our sensitive information is cybercriminals’ wealth. Once attackers get hold of our private data, they could misuse it for various fraudulent activities. BEC attackers typically spoof company’s or high-profile employee identity to spread the malware. The report claimed that threat actors are using company names (68%), targeted employee names (66%), and manager-level names (53%) to phish executives into performing hackers’ intended activities.
The report is based on the responses of 270 IT and cybersecurity professionals in the U.S., involved in fighting against BEC attacks and related email threats.
BEC Attacks Continue to Rise
Similar research from the APWG (Anti-Phishing Working Group) revealed how enterprises lose their wealth to BEC attacks. The email attacks have become a highly remunerative line of business for threat actors. In its “Phishing Activity Trends Report,” APWG stated that the average wire transfer loss from BEC attacks surged from $54,000 in Q1 2020 to $80,183 in Q2 2020, as cybercriminals expected high returns.
Related story: How to Detect Suspicious Email Attachments