Email Security Blog

Business Email Compromise – Top Phishing Attacks of 2016

Nikki Tyson June 29, 2016 Business Email Compromise
Fallback Featured Image

In this series of blog posts we examine the most common forms of phishing attacks and appropriate countermeasures to protect both individuals and organizations – in this post we explore Business Email Compromise and the potential fall-out for executives.

Business Email Compromise 

At the start of 2016, the FBI warned that it had seen a 270% increase in CEO scams, also known as Business Email Compromise (BEC) scams.

With these scams, savvy cyber criminals are taking the time to harvest personal information and learn the processes within a company. Once armed with this information, they target carefully selected employees with a spear phishing email designed to get access to confidential business information or transfer money into an unknown account.

Companies that have recently fallen victim to this kind of criminal fraud include:

  • Ubiquiti Networks – the finance department was targeted by a fraudulent request from an outside entity that resulted in $46.7 million being transferred to an overseas account held by external third parties after an employee was impersonated.
  • Mattel – a finance executive wired more than $3 million to the Bank of Wenzhou after the ‘new CEO’ requested a vendor payment. According to reports, Mattel quickly realized that it had been victim of a fraudulent request and worked with Chinese authorities to get the money back.
  • FACC – the Austrian aircraft parts maker, whose customers included Airbus, Boeing and Rolls-Royce, reported that they had fired their chief executive after cyber criminals stole €50 million ($55.7 million) in an email scam.

Agari research found that more than 85% of spear phishing attacks are enabled by legitimate cloud services, and the majority do not contain a malicious link or attachment, which make them a lot harder to detect.

BEC Countermeasures

A multi-pronged approach is required to counter these types of targeted attacks:

  1. Strengthen Internal Processes – To counter the threat of this type of attack, organizations must introduce policies that ensure that no one person or single email can authorize transactions. Instead, there needs to be a mixture of communication channels verifying any request for confidential or financial information.
  2. Multi-Layered Approach – There is not a single solution available that can solve the breadth of the email security problem. What’s needed is multiple controls – a cocktail of complementary solutions that provides a multi-layered approach to cyber security where prevention, early detection, attack containment, and recovery measures are considered collectively.
  3. Establish Per-message Authenticity – Organizations need a solution that considers sophisticated data science and email security intelligence in order to reinstill trust into the email ecosystem and establish the ‘true’ identity of an email’s sender.

Download Agari’s executive brief on the Top Phishing Attacks of 2016 to learn more about best practices to stopping phishing attacks.

You can also check out the other posts in the Top Phishing Scams series:

Envelope with skull and cross-bones

December 1, 2021 John Wilson

Identifying and Mitigating Email Threats

Email  threats are ever evolving, and it’s important to stay up to date. Here are…

Woman-shopping on cell phone

November 30, 2021 Mike Jones

It’s the Most Wonderful Time of the Year… for Cybercriminals

The holiday season is upon us, which means it’s also the busiest time of the…

laptop with envelope and security badge-secure email

November 24, 2021 John Wilson

TLS for Email: What is it & How to Check if an Email Uses it

Transport Layer Security (TLS) is encryption to secure email messages between sender and receiver to…

Laptop with multiple paddle locks with key holes

November 11, 2021 John Wilson

SMTPS: How to Secure SMTP with SSL/TLS (Which Port to Use)

We’re going to go over what SMTP is, whether it’s truly secure enough (or if…

Man with laptop with large red email warning screen pop up

November 5, 2021 John Wilson

Spear Phishing Emails: What They Are & How to Prevent Them

Spear phishing is more focused than normal phishing. To protect against this type of phishing,…

mobile image