This is our first installment of a monthly series we’re launching to surface trends in email attacks. Our installment this month discusses trends we observed in May.
May saw a sharp rise in the number of business email compromise (BEC) attacks with a goal of invoice or payment fraud. BEC attacks impersonate either a party internal to an organization, usually a VIP such as the CEO, or an external party such as a trusted vendor.
These attacks attempt to steal money from an organization, commonly by convincing an employee to purchase gift cards, or by duping an unwitting payroll admin into changing an employee’s direct deposit account information. Invoice and payment fraud BEC attacks steal money using tactics such as initiating fraudulent wire transfers, or hijacking vendor conversations and changing invoice information in order to redirect vendor payments. Because invoice / payment fraud attacks target business-to-business transactions, the dollar amounts involved are typically much larger than with other types of BEC attacks, and so the potential payout for the attacker is much higher.
Abnormal has observed an increasing number of these attacks, both in the number of organizations targeted and the number of attacks received per organization. May in particular saw a 200% increase in the average rate of attacks each week, and a 36% increase in the number of organizations experiencing these attacks.
Additionally, invoice / payment fraud now makes up a larger fraction of overall BEC attacks. In May, an average of 17% of BEC attacks had a goal of invoice or payment fraud, compared to a weekly average of less than 14% in the previous two months.