Business email compromise (BEC) has grown into a billion dollar industry as cybercriminals use look-alike domains and display name deception to trick employees into revealing sensitive information, depositing money into criminally-owned bank accounts, and sending thousands of dollars in gift cards via email—all without ever touching a legitimate email account. When these criminals do gain access to an employee email account and use that access to spy on communications, gain knowledge of business operations, and send attacks on behalf of that employee, the damage can be much worse.

The recent Internet Crime Report from the FBI showcasing the growth of business email compromise (BEC) from a $700 million problem to a $1.3 billion problem over the course of only one year was certainly alarming. It showcases just how much cybercrime is growing, despite increased defenses across organizations worldwide. 

As email scammers become more sophisticated and cybercriminals expand their tactics, phishing and BEC attacks from compromised email accounts continue to rise in popularity. We’ve seen a 35% increase in attacks launched from compromised accounts in the last six months. This means that email account takeover-based threats are more prevalent than ever before. And since this is the hardest attack type to protect against, these threats are only going to become more dangerous.
 

Receipts and invoices—two accounting powerhouses that require little introduction. But step a little further into the world of finance and accounts, and you can quickly become a fish out of water, as the terminology to this numerical land seems to multiply exponentially.

Legacy email security systems are failing, as more enterprises migrate their emails to the cloud and cyber-attacks become more professional and difficult to detect. Companies in all industries and government agencies simply are not moving fast enough to counter the increasingly sophisticated threats like business email compromise (BEC) and account takeover attacks.

When we think of business email compromise (BEC), the first thing that comes to mind is likely an executive spoof—an email sent to an employee from someone pretending to be the CEO or other high-profile executive.

With losses from business email compromise rising fast, the active defense movement is generating buzz—but what are the ramifications? Why just raise the shield without wielding the sword, too?

The statistics are astounding. Email remains the number one threat vector for data breaches, the point of entry for ninety-four percent of breaches. There is an attack every 39 seconds. Over 30% of phishing messages get opened, and 12% of users click on malicious links.

There is no denying that business email compromise (BEC) is big business, with losses exceeding a billion dollars in the United States in the last year alone. Globally, BEC attacks have cost more than $13 billion in the last five years. Chances are likely that you’ve probably been a recipient of one of these social-engineered emails yourself. But the question remains… who is behind these increasingly sophisticated email attacks, and why did they become so popular in recent years?