Phishing is always at the top of the list of threats to your business. In fact, there was more than a 600 percent jump in phishing attacks in 2020. A more targeted type of phishing, known as business email compromise, is at the top of the watch list for 2021.
Business Email Compromise (BEC) attacks are particularly threatening because they are close to impossible to trace and they leave you with irreparable financial and reputational loss, as well as downtime. This attack is becoming more common because instead of having to develop malware or complex attack chains, the only thing needed for execution is to send an email. For this reason, BEC attacks are simple but leave a strong sting.
How Business Email Compromise is Achieved
Business e-mail compromise (BEC) is achieved when an attacker hacks into a corporate e-mail account and impersonates the real owner to defraud the company, its customers, partners, and/or employees into sending money or sensitive data to the attacker’s account.
BEC is also known as a “man-in-the-email” attack. In this type of attack, two parties think that they are talking to each other directly, but in reality an attacker is listening in and possibly altering the communication.
To complete this attack, a hacker will sift through publicly available company information such as the company website, press releases, and even social media posts. They might look for the names and official titles of company executives, corporate hierarchy, or even little details such as travel plans from email auto-replies.
The hacker will then try to gain access to an executive’s e-mail account. To remain undetected, they might use inbox rules or change the reply-to address so that when the scam is executed, the executive will not be alerted.
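Both tricks mentioned above leave traces a defender can check for. The following is an added example, not part of the original article: it flags messages whose Reply-To domain differs from the From domain, and inbox rules that forward mail outside the company or hide it from the mailbox owner. The rule dictionary keys, addresses, and sample data are assumptions constructed for illustration.

```python
from email import message_from_string
from email.utils import getaddresses

def domain(addr):
    """Lower-cased domain part of an address, or '' if there is none."""
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""

def reply_to_mismatch(raw_message):
    """Return Reply-To domains that differ from the From domain."""
    msg = message_from_string(raw_message)
    from_domains = {domain(a) for _, a in getaddresses(msg.get_all("From", []))}
    reply_domains = {domain(a) for _, a in getaddresses(msg.get_all("Reply-To", []))}
    return sorted(d for d in reply_domains - from_domains if d)

def risky_rule_reasons(rule, internal_domain):
    """Flag inbox rules that forward mail outside or hide it from the owner.
    `rule` is a dict in a hypothetical export format (the keys are assumptions)."""
    reasons = []
    for target in rule.get("forward_to", []):
        if domain(target) != internal_domain.lower():
            reasons.append(f"forwards to external address {target}")
    if rule.get("delete_message"):
        reasons.append("deletes matching messages")
    if rule.get("mark_as_read") and rule.get("move_to_folder"):
        reasons.append(f"silently files mail into {rule['move_to_folder']}")
    return reasons

# Constructed sample data (example.com / example.net are placeholders).
SAMPLE_MESSAGE = (
    "From: Pat Lee <pat.lee@example.com>\n"
    "Reply-To: Pat Lee <pat.lee@example.net>\n"
    "Subject: Updated wire instructions\n"
    "\n"
    "Please use the new account details.\n"
)
SAMPLE_RULES = [
    {"name": "newsletters", "move_to_folder": "Newsletters"},
    {"name": "rule-2", "forward_to": ["archive@example.net"], "delete_message": True},
    {"name": "rule-3", "mark_as_read": True, "move_to_folder": "Old Items"},
]

if __name__ == "__main__":
    print("Reply-To mismatch:", reply_to_mismatch(SAMPLE_MESSAGE))
    for rule in SAMPLE_RULES:
        for reason in risky_rule_reasons(rule, "example.com"):
            print(f"rule {rule['name']!r}: {reason}")
```

A Reply-To mismatch is not proof of fraud on its own (mailing lists and ticketing systems use it legitimately), so treat a hit as a prompt to verify the request through a separate channel.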
The Growing Success of BEC is a Growing Threat to SMBs
Cybercrime in general is up dramatically across the board. Dark Web activity increased by 44 percent, with a corresponding 14 percent increase in BEC.
One of the largest factors contributing to the growth of BEC is the pandemic. Last year, 21% of fraud experiences had a COVID-19 connection. With the new release of the vaccine, these threats will remain a key targeting factor for 2021. Unfortunately, the success rates are leading to larger payouts for hackers. The average amount requested in wire transfer-based BEC attacks increased in 2020 from $54,000 in Q1 to $80,183 in Q2.
The biggest target observed in one 2020 study was the energy and infrastructure sector with 93 percent of attacks. Other industries with a high number of weekly BEC attacks were consumer goods, manufacturing, and technology. Small to mid-sized financial institutions such as banks and mortgage companies are also showing BEC as a top cyber concern.
Experiencing Business Email Compromise
Business email compromise can happen to anyone in an organization, but it will inevitably affect EVERYONE. Join us during “We Have Your Mail: Business Email Compromise Behind the Scenes” to understand what it’s like to live through an email attack. We will offer practical steps you can take to prepare and protect against the unknown, as well as what to do if you do experience BEC. You’ll be a part of an open discussion with two panelists who have experience with BEC and can answer any questions you may have about it.