Email Security Blog

(Enterprise) Protect Yourself from the Top Spear Phishing Scams

Agari March 29, 2016 BEC
Fallback Featured Image

Snapchat and Seagate are just two of the latest companies to have fallen victim to spear phishing campaigns within the last month. As this highly-targeted approach to cyber attacks continues to claim enterprise victims, we take a look at some of the top spear phishing campaigns that companies are experiencing.

The Data Grab

Spear phishing isn’t always driven by criminals asking someone in Finance to transfer funds. Take the recent Snapchat attack where an employee in the payroll department was targeted by a dedicated phishing scam. A scammer impersonated the CEO asking for employee payroll information. Confidential payroll details about current and former employees were then mistakenly disclosed. Once equipped with this information, criminals have enough information to commit identify fraud – taking out credit in someone else’s name or even filing a phony tax return to get a tax rebate or refund.

Targeting System Admins

Increasingly IT is becoming a top-target for stealthy attackers looking to break into systems. For example, a phisher might pose as an executive and send an email asking for VPN credentials or server passwords. Often they will follow-up on this initial interaction with a fraudulent telephone call designed to add credibility and increase their success rate. Whereas criminals previously went after the consumer, now they are targeting big businesses and looking for new ways to sneak past their security measures in order to make money.

Business Email Compromise

The most publicized type of spear phishing is when someone in your Finance team receives an email instruction from the CEO letting them know that they need their support with a time-sensitive and confidential deal. The email address checks out so the Finance Controller replies and a dialogue is started that establishes rapport and trust. Then comes a clear directive to wire money to a specific bank account. Since most executives are reliant on email, there’s no phone call to confirm the transaction or secondary check so money is sent to an illegitimate account. Business Email Compromise has netted criminals $2 billion according to the Internet Complaint Center and affected 12,000 businesses worldwide in the last 18 months.

Protecting The Enterprise

Ultimately, no email should be sufficient to move money and no one person should be able to initiate and approve a wire transfer. Savvy organizations need to ensure that there is a mixture of inbound and outbound channels that can be used to verify any request for confidential or financial information.

Today’s businesses have to exercise a degree of caution by using tools like Agari Enterprise Protect to alert organizations to suspicious emails, regularly training employees and having robust processes in place. With the right approach, enterprises can restore trust in the inbox and prevent their business from being victims of carefully engineered and targeted attacks.


Leave a Reply

Your email will not be published. All fields are required.

Agari Blog Image

February 20, 2020 Crane Hassold

Business Email Compromise (BEC) and G Suite: How the Exaggerated Lion Cybercrime Group Cashes Out

Business email compromise (BEC) has become the predominant cyber threat businesses face today. These basic…

Agari Blog Image

February 19, 2020 Ronnie Tokazowski

Damages from Business Email Compromise (BEC) Top the 2019 FBI IC3 List

Business Email Compromise (BEC) was solely responsible for over 40% of the total cybercrime losses…

Agari Blog Image

February 12, 2020 Michael Paiko

Business Email Compromise (BEC) Report: 62% of Scams Target Gift Cards, False Positives Trip Up Phishing Response

Gift cards topped cybercriminal wish lists in 62% of all business email compromise (BEC) scams…

Agari Blog Image

February 4, 2020 Michael Cichon

Phishing, BEC and the Supply Chain: Why Your BEC Attack Surface is Bigger Than You Think

Thanks to the rapid rise of email account takeovers, organizations worldwide are being forced to…

Agari Blog Image

January 29, 2020 Armen Najarian

W2 Scams and Business Email Compromise (BEC): 3 Reasons Advanced Email Threats Are About to Get Worse

With the season for W2 scams upon us, rapidly evolving email threats suggests these and…

mobile image