Business email compromise (BEC) attacks increased drastically in 2020, with more than $1.8 billion stolen from businesses in just one year. BEC attacks are carried out by hackers who impersonate someone inside a company or pose as a partner or vendor in order to defraud the company.
The tactics of some of the most dangerous BEC attacks observed in the wild in 2020 were examined in a new report from Cisco's Talos Intelligence, which reminded the security community that smart users armed with a healthy skepticism of outside communications and the right questions to ask are the best line of defense, in addition to technology.
According to the FBI, BEC assaults are getting more dangerous. They discovered a 136 % increase in the number of successful BEC attacks (reported) around the world between December 2016 and May 2018. Between October 2013 and May 2018, it is estimated that Business Email Compromise cost businesses over $12 billion. Analysts predict that these attacks will grow more regular and that the financial costs connected with them will continue to rise.
The report stated, “The reality is, these types of emails and requests happen legitimately all over the world every day, which is what makes this such a challenge to stop.” It's tempting to get hooked up on huge global corporations' high-profile data breaches. The genuine revenue, however, is made via smaller BEC attacks, according to the report.
“Although a lot of attention gets paid to more destructive and aggressive threats like big-game hunting, it’s BEC that generates astronomical revenue without much of the law-enforcement attention these other groups have to contend with,” the report explained. “If anything, the likelihood of this has only increased in the pandemic, with people relying more and more on digital communication."
According to Cisco Talos, gift card lures are by far the most popular in BEC assaults. Most of the time, these emails will appear to be from someone prominent within the organization and will come from a free provider like Gmail, Yahoo, or Outlook. The solicitations will frequently include a sad narrative of hardship and will attempt to persuade the victim to purchase an Amazon, Google Play, iTunes, PlayStation, or other common types of gift card.
“The amount of and types of businesses that get targeted with these attacks is truly staggering, ranging from huge multinational corporations down to small mom-and-pop restaurants in U.S. cities,” Talos said. “We found examples of small restaurants that are being targeted by impersonating the owners since the information was available on their website.”