If you’ve ever received a fake email from one of your “executives” asking for a quick request, you’re not alone. In fact, new research from the Agari Cyber Intelligence Division shows that individual impersonation attempts now comprise nearly a quarter of all BEC attacks. This is an increase from the last quarter, when this type of scam made up only 12% of all attacks.
Business email compromise (BEC) has grown into a billion dollar industry as cybercriminals use look-alike domains and display name deception to trick employees into revealing sensitive information, depositing money into criminally-owned bank accounts, and sending thousands of dollars in gift cards via email—all without ever touching a legitimate email account. When these criminals do gain access to an employee email account and use that access to spy on communications, gain knowledge of business operations, and send attacks on behalf of that employee, the damage can be much worse.
Have you ever received a blank email from someone you don’t know? If you have, it may have been from a cybercriminal making sure your email account is legitimate prior to a Business Email Compromise (BEC) attack. Agari and PhishLabs define BEC as any response-based spear phishing attack involving the impersonation of a trusted party to trick victims into making an unauthorized financial transaction or send sensitive materials.
Only three months ago, the Agari team published our first in-depth analysis on how the top candidates for the US presidency compared when it comes to email security. The kinds of email attacks that helped derail Hillary Clinton’s candidacy in 2016 are only getting more sophisticated, and new data released today shows that campaigns are not taking the threat as seriously as they should.
You likely have a fraudulent email from a business email compromise (BEC) scammer sitting in your inbox, and you may not realize it. However, recent research from the Agari Cyber Intelligence Division (ACID) has shown that these advanced phishing attacks increasingly possess a handful of commonalities, making them easier to spot—which is good news considering their popularity.
Every year, the Internet Crime Complaint Center, also known as IC3, publishes an annual report looking at the different types of internet-based crimes reported to the FBI. Over the last year, victims around the globe lost $2.71 billion to all types of cybercrime, which includes lottery scams, hacktivism, gambling fraud, malware, ransomware attacks, and tech support fraud, among others.
Historically, business email compromise (BEC) threat actors have used wire transfers as a means to steal money from businesses. Impersonating a trusted contact, usually a company executive, a scammer requests that a fictitious vendor get paid by sending money to a bank account controlled by the scammer or an associate.
It’s like clockwork. Every year around tax time security vendors (even us!) push out warnings about W-2 forms being stolen at tax time, and every year dozens of organizations disclose that someone inside of their organization fell victim to a BEC scam where actors were asking for W-2 information.
When it comes to sharing threat intelligence with one another, organizations tend to play the game differently. Some prefer to play the “secret squirrel game,” where attribution is something so sacred that names of actors can only be whispered behind closed doors. In other cases, data is bought on the dark underbellies of the Internet and then sold back to organizations as threat intelligence. For others, like the Agari Cyber Intelligence Division, information is shared amongst trusted individuals who can use it to stop cybercrime and bring criminals to justice.
In December, the Agari Cyber Intelligence Division (ACID) published a report on a business email compromise group of cybercriminals we call London Blue.