Business Email Compromise Attacks Increasingly Widespread in August - Abnormal Security

Business Email Compromise Attacks Increasingly Widespread in August

The fraction of companies receiving BEC (Business Email Compromise) attacks each week increased steadily throughout August, from slightly less than 70% at the beginning of the month to over 99% by August 31st. The number of BEC campaigns received per mailbox also jumped, with the weekly average rising 81% over July.

BEC attacks typically impersonate known or trusted entities, such as company employees, corporate VIPs, or vendors. Less common than Credential Phishing attacks, BEC attacks require more effort on the part of the attacker to research organizations’ managerial structure and vendor relationships. However, the potential payoff is correspondingly higher, as attackers are able to leverage these trusted relationships to convince unsuspecting victims to wire money, buy gift cards or reroute vendor payments to attacker controlled bank accounts. Historically, the majority of these attacks pretend to be an individual internal to the company, especially VIPs whose authority produces faster responses from employees eager to please.  This trend held in August, with 71% of BEC attacks impersonating internal entities, 57% of which were company VIPs. 

The research shows attackers are studying up on organizational hierarchies, preying on human psychology, and taking advantage of existing vendor relationships in order to exploit victims. As a result, when a BEC attack is in-progress, the communication appears convincing and can be difficult to self-detect from an employees perspective. To make things more difficult for employees, BEC attacks commonly evade traditional email security defenses already in place. In order to successfully stop BEC attacks, the intended target needs advanced protection that can identify suspicious, difficult-to-detect signals that attackers transmit during an active campaign and proactively stop the attack before a financial transaction occurs.

Related content