One of the trends that has been slowly creeping up across the BEC threat landscape is that actors are using other techniques in order to get money outside of an organization.
In the Q1 2019 Email Fraud & Identity Deception Trends report, we reported that the average security operations center (SOC) is getting more than 23,000 employee-reported phishing incidents per year. Those incidents would require 54 SOC analysts to handle them in a timely matter. Yet, the average SOC only has 12 security analysts.
When the Agari Cyber Intelligence Division released our report on London Blue in December, much of the focus was on how cybercriminals use legitimate lead generation services to identify their targets. Research we released today into a different cybergang—one we’ve named Scarlet Widow—shows how Nigerian criminals take a different tactic against more vulnerable institutions.
With Valentine’s Day celebrated around the world, today is a day full of love and joy—especially for those in committed relationships. People around the globe are celebrating their relationships by sending flowers and chocolates, enjoying fancy dinners, and writing love notes in greeting cards. Unfortunately, not all relationships are legitimate, and not everyone sees today as a celebration of love.
Business email compromise (BEC) fraud is a lucrative venture, and now that industry is expanding in a troubling way—by lowering the barrier to entry so that anyone with a couple hundred bucks can outsource a BEC attack. BEC criminals are organized, behaving in many ways like legitimate businesses.