Attacks on businesses via business email compromise (BEC) increased dramatically in 2020, with over $1.8 billion being stolen in one year alone. Cybercriminals target companies by impersonating people inside the company or pretending to be partners or vendors in order to defraud them.
According to a new report from Cisco’s Talos Intelligence, the most dangerous BEC attacks observed in the wild in 2020 relied on tactics that can be countered not only with technology but also by smart users with a healthy skepticism of outside communications.
FBI Reports That BEC Attacks Are Becoming More Dangerous
Between December 2016 and May 2018, the number of reported successful BEC attacks increased by 136%. Over $12 billion was lost to business email compromise from October 2013 to May 2018.
Both the number of these attacks and the costs associated with them are predicted to grow.
It’s tempting to focus on high-profile data breaches at huge global corporations, but the truth is that these types of emails and requests are also sent legitimately everywhere, which is the root cause of the problem.
According to the report, however, the real revenue is made through smaller BEC attacks.
The Report Explained
“Although a lot of attention gets paid to more destructive and aggressive threats like big-game hunting, it’s BEC that generates astronomical revenue without much of the law-enforcement attention these other groups have to contend with.
If anything, the likelihood of this has only increased in the pandemic, with people relying more and more on digital communication.”
Gift card lures accounted for by far the greatest proportion of BEC attacks, according to Cisco Talos. These emails appear to come from a prominent member of the organization but are usually sent from free mail providers like Yahoo, Gmail, or Outlook.
The message often contains a sad narrative that explains the victim’s hardship and prompts them to buy a gift card, such as an Amazon, Google Play, iTunes, or PlayStation card, or another commonly used one.
“The amount of and types of businesses that get targeted with these attacks is truly staggering, ranging from huge multinational corporations down to small mom-and-pop restaurants in U.S. cities.
We found examples of small restaurants that are being targeted by impersonating the owners since the information was available on their website.”
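The gift card lure described above has three traits a mail filter can observe: a prominent person's display name, a free mail sender domain, and a gift card request. The following Python is an added example, not code from Cisco Talos or the original article, that checks for them; the organization domain, the protected names, the keyword list, and the sample messages are constructed assumptions.

```python
from email import message_from_string
from email.utils import parseaddr

# Assumptions for this example: the organization's domain, the names worth
# impersonating, the keyword list and the sample messages are all constructed.
ORG_DOMAIN = "example.com"
PROTECTED_NAMES = {"dana whitfield", "sam ortega"}
FREE_MAIL = {"gmail.com", "yahoo.com", "outlook.com"}
GIFT_CARD_TERMS = ("gift card", "giftcard", "itunes card", "google play card")

LURE = """From: Dana Whitfield <dana.whitfield.ceo@gmail.com>
Subject: Quick favor

I'm stuck in meetings. Please buy five Amazon gift cards and send me the codes.
"""
LEGIT = """From: Dana Whitfield <dana.whitfield@example.com>
Subject: Staff rewards

Reminder: the gift card budget for staff rewards is due Friday.
"""
PERSONAL = """From: Pat Lee <pat.lee@gmail.com>
Subject: Lunch

Are we still on for lunch tomorrow?
"""


def bec_indicators(raw_message: str) -> list[str]:
    """Return the gift-card-lure indicators present in one RFC 5322 message."""
    msg = message_from_string(raw_message)
    display, address = parseaddr(msg.get("From", ""))
    domain = address.rpartition("@")[2].lower()
    name = " ".join(display.lower().split())  # normalize case and spacing
    payload = msg.get_payload()
    body = payload if isinstance(payload, str) else ""  # skip multipart here
    text = (msg.get("Subject", "") + " " + body).lower()

    hits = []
    # A known name arriving from outside the organization's own domain.
    if name in PROTECTED_NAMES and domain != ORG_DOMAIN:
        hits.append("display-name-impersonation")
    if domain in FREE_MAIL:
        hits.append("free-mail-sender")
    if any(term in text for term in GIFT_CARD_TERMS):
        hits.append("gift-card-request")
    return hits


def should_quarantine(raw_message: str) -> bool:
    """Flag only when an impersonated name coincides with another indicator."""
    hits = bec_indicators(raw_message)
    return "display-name-impersonation" in hits and len(hits) >= 2
```

Requiring the impersonated name plus a second indicator keeps ordinary free mail correspondence and internal messages that merely mention gift cards out of quarantine.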