Business email compromise (BEC) is a billion-dollar business for threat actors. According to the FBI’s Internet Crime Complaint Center (IC3), BEC scams have led to $26 billion in losses in the last three years. This year’s Verizon 2020 Data Breach Investigations Report (DBIR) report looked at the unique sophistication of Financially Motivated Social Engineering (FMSE) attacks and found that while these types of attacks have been steadily climbing since 2016, their popularity jumped even more significantly in 2019.
FMSE attacks are not necessarily sophisticated in a technical sense. There is no malware as you would see in a more advanced nation-state attack. As we highlighted in our earlier blog post, Verizon has theorized that with hacking and social breaches, the need for malware has decreased. These attacks are, however, highly sophisticated and inventive. The attackers have done the research and reconnaissance, crafting highly relevant messages, delivered from carefully impersonated sources or in more advanced cases, from legitimate, yet compromised, email accounts.
The Abnormal Security threat research team has seen FMSE attacks increasing in frequency and sophistication. For example, on April 8, 2020, the team detected and stopped an attempted invoice fraud targeting a telecommunications provider, preventing more than $700,000 in losses. The attacker’s patient, persistent and sophisticated operation lasted over nine weeks.
In this attack, the attacker impersonated a real vendor using domain impersonation and methodically engaged numerous employees over the course of two months, eventually convincing the target to change banking details and redirect the payment of a legitimate invoice of over $700,000 to the attacker’s account.
This is just one example of the type of FMSE attack that today’s organizations must protect against. To learn more about the invoice fraud attack and how Abnormal Security protects against FMSE attacks, please learn more by reading our case study here.