If you’ve ever received a fake email from one of your “executives” asking for a quick request, you’re not alone. In fact, new research from the Agari Cyber Intelligence Division shows that individual impersonation attempts now comprise nearly a quarter of all BEC attacks. This is an increase from the last quarter, when this type of scam made up only 12% of all attacks.
Business email compromise (BEC) has grown into a billion dollar industry as cybercriminals use look-alike domains and display name deception to trick employees into revealing sensitive information, depositing money into criminally-owned bank accounts, and sending thousands of dollars in gift cards via email—all without ever touching a legitimate email account. When these criminals do gain access to an employee email account and use that access to spy on communications, gain knowledge of business operations, and send attacks on behalf of that employee, the damage can be much worse.
Have you ever received a blank email from someone you don’t know? If you have, it may have been from a cybercriminal making sure your email account is legitimate prior to a Business Email Compromise (BEC) attack. Agari and PhishLabs define BEC as any response-based spear phishing attack involving the impersonation of a trusted party to trick victims into making an unauthorized financial transaction or send sensitive materials.
Receipts and invoices—two accounting powerhouses that require little introduction. But step a little further into the world of finance and accounts, and you can quickly become a fish out of water, as the terminology to this numerical land seems to multiply exponentially.
When we think of business email compromise (BEC), the first thing that comes to mind is likely an executive spoof—an email sent to an employee from someone pretending to be the CEO or other high-profile executive.
With losses from business email compromise rising fast, the active defense movement is generating buzz—but what are the ramifications? Why just raise the shield without wielding the sword, too?
DMARC adoption rose a tepid 1% in the first quarter of the year, with the rate of growth slowing compared to the last three months of 2018, according to our latest report on email security trends. That said, nearly 90% of Fortune 500 businesses remain unprotected against email-based impersonation attacks targeting their customers, partners, and other businesses. But Australian companies lead their peers around the world in putting the public at risk.
There is no denying that business email compromise (BEC) is big business, with losses exceeding a billion dollars in the United States in the last year alone. Globally, BEC attacks have cost more than $13 billion in the last five years. Chances are likely that you’ve probably been a recipient of one of these social-engineered emails yourself. But the question remains… who is behind these increasingly sophisticated email attacks, and why did they become so popular in recent years?
You likely have a fraudulent email from a business email compromise (BEC) scammer sitting in your inbox, and you may not realize it. However, recent research from the Agari Cyber Intelligence Division (ACID) has shown that these advanced phishing attacks increasingly possess a handful of commonalities, making them easier to spot—which is good news considering their popularity.
Every year, the Internet Crime Complaint Center, also known as IC3, publishes an annual report looking at the different types of internet-based crimes reported to the FBI. Over the last year, victims around the globe lost $2.71 billion to all types of cybercrime, which includes lottery scams, hacktivism, gambling fraud, malware, ransomware attacks, and tech support fraud, among others.