chat
expand_more

Inside the Business Email Compromise Problem

Business email compromise (BEC) is the most significant cybersecurity threat to enterprise organizations, with $1.8 billion in reported losses in 2020 alone. This type of email attack occurs when a cybercriminal uses social engineering to impersonate a trusted contact...
July 28, 2021

Business email compromise (BEC) is the most significant cybersecurity threat to enterprise organizations, with $1.8 billion in reported losses in 2020 alone. This type of email attack occurs when a cybercriminal uses social engineering to impersonate a trusted contact—typically an executive, coworker, vendor, or partner—in an effort to steal money or valuable information.

Because these emails rarely contain malicious links or attachments, they are difficult to detect by standard email security protocols, leaving organizations wide open to attack. New research from the FBI IC3 Internet Crime Report shows that BEC attacks account for 44% of all losses due to cybercrime, making it the most dangerous threat for the sixth consecutive year.

The Rising Cost of Business Email Compromise

Secure email gateways and other traditional security measures are unable to protect against these novel, never-before-seen attacks. Once they arrive in inboxes, your employees open and respond to them, putting your organization at risk for financial and reputational damage. Without a new approach, BEC will only continue to grow, and organizations worldwide will continue to suffer the consequences.

The IC3 Internet Crime Report shows that there were 19,369 victims of business email compromise attacks in 2020, costing organizations an average of $96,000 per attack. Making matters worse is the fact that this number only includes successful attacks where victims are conned into sending money—it shows nothing about the number of attempts and near-misses.

Employees Respond to BEC at Alarming Rates

Unfortunately, the impact of business email compromise attacks is much higher than what the FBI report shows. Our new research shows that an average organization receives more than 50 BEC attacks per month. Making matters worse, we found that 20% of employees engage with their attacker by responding to at least one email.

Bec data q2 2021

Even if employees are trained on how to detect an attack and respond appropriately, cybercriminals are constantly revising their schemes, attempting to stay ahead of changes in technology and training, and oftentimes doing so successfully.

Putting a Stop to Business Email Compromise

Business email compromise attacks are so successful because they do not contain traditional indicators of compromise—there are no suspicious links or malicious attachments to examine, and they often come from legitimate domains like Gmail or Yahoo. In other cases, they come from newly registered domains that have no negative reputations and may use lookalike tactics to fool people into thinking they are the real domain.

As a result, there is little that secure email gateways can do to block these attacks. In order to do so, you need a new type of email security—one that understands the good human behavior to identify and block the bad. Here at Abnormal Security, we use a unique behavior data science approach to profile and baseline good behavior. With a combination of identity modeling, behavioral and relationship graphics, and deep content analysis, we can stop emails that include suspicious information or requests—even without traditional indicators of compromise.

To learn more about the increasing BEC threat, including which types are most prevalent, download the CISO Guide to Business Email Compromise.

Inside the Business Email Compromise Problem

See Abnormal in Action

Get a Demo

Get the Latest Email Security Insights

Subscribe to our newsletter to receive updates on the latest attacks and new trends in the email threat landscape.

 

See the Abnormal Solution to the Email Security Problem

Protect your organization from the full spectrum of email attacks with Abnormal.

 
Integrates Insights Reporting 09 08 22

Related Posts

B Mr Wonderful Talks AI
Explore the future of AI and cybersecurity and learn why prioritizing security investments is crucial with Kevin O’Leary of Shark Tank fame.
Read More
B 1500x1500 MKT468a Open Graph Images for Phishing Subjects Blog
Discover the most engaging phishing email subjects, according to Abnormal data, and how to protect your organization from these scams.
Read More
B Threat Report BEC VEC Blog
Our H1 2024 Email Threat Report revealed significant year-over-year increases in both business email compromise and vendor email compromise. Learn more.
Read More
B 2 7 24 Product Update
Abnormal product enhancements improve detection efficacy, reporting on QR code attacks, productivity, and protection from account takeover.
Read More
B 1500x1500 Quishing Stats Blog 02 05 24
Today we released our H1 2024 Email Threat Report, which examines the threat landscape and dives into the latest evolution in phishing: QR code attacks.
Read More
B 1 30 23 Microsoft ATO
A recent nation-state actor attack by the Russian-backed threat group Midnight Blizzard infiltrated Microsoft. Discover how Abnormal can protect you from account takeovers in real time.
Read More