BEC scams surge, cybercriminals target nearly all organizations


96 percent of organizations received business email compromise (BEC) emails during the second half of 2017, according to Agari.

“BEC is a particularly effective attack vector because its lack of payload makes it nearly impossible for conventional email security solutions to detect and prevent,” said Markus Jakobsson, chief scientist, Agari. “At its core, business email compromise is a social engineering attack that leverages familiarity, authority and trust, which can result in billions of dollars of losses to businesses.”

According to the FBI, BEC attacks were responsible for more than $5.3 billion in exposed losses between 2013 and 2016. BEC attacks leverage social engineering, impersonating trusted individuals to request wire payments or sensitive data such as W-2 tax forms.

Social networks and free cloud email services make it simple for cybercriminals to identify their targets, create an email account that impersonates a trusted entity (CEO, brand, partner) and then create a believable con with personalised details to make these attacks successful.

Key findings

Nearly every organization has received BEC attacks – Research reveals that 96 percent of organizations were targeted by BEC attacks between June 2017 and December 2018. On average, organizations experienced 45 BEC attacks during this time.

BEC attacks manifest in a variety of forms – BEC attacks include display name deception, domain spoofing, and look-alike domains. However, BEC attacks function differently than phishing or spear-phishing attacks because there is no payload, such as a malicious attachment or a malicious URL.

Conventional security solutions are ineffective against BEC – As the last line of defense against advanced email-based attacks, Agari witnessed that 81 percent of BEC attackers used display name deception, 12 percent used domain spoofing and 7 percent used look-alike domains to impersonate a trusted party, without the SEG, ATP or TAP detecting it.
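The three impersonation forms named in the key findings can be told apart from the From header and the receiving server's authentication verdict. The Python sketch below is an added example, not code from Agari or the original article; the domain corp.example, the trusted-name list and the sample messages are constructed assumptions.

```python
from email import message_from_string
from email.utils import parseaddr

# Assumed values for this sketch: the organization's own domain and the
# names of people worth impersonating (for example the CEO).
ORG_DOMAIN = "corp.example"
TRUSTED_NAMES = {"jane doe"}

def edit_distance(a, b):
    """Levenshtein distance between two strings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def dmarc_passed(msg):
    """True if an Authentication-Results header reports dmarc=pass."""
    # Only trust this header when it was stamped by your own mail server.
    results = msg.get_all("Authentication-Results", [])
    return any("dmarc=pass" in r.lower() for r in results)

def classify(raw):
    """Return the impersonation form a message matches, or None."""
    msg = message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    if domain == ORG_DOMAIN:
        # Exact org domain in From: genuine only if authentication passed.
        return None if dmarc_passed(msg) else "domain spoofing"
    if 0 < edit_distance(domain, ORG_DOMAIN) <= 2:
        return "look-alike domain"
    if " ".join(name.lower().split()) in TRUSTED_NAMES:
        return "display name deception"
    return None

# Constructed sample messages, one per case.
SAMPLES = {
    "display": 'From: "Jane Doe" <ceo.office@mail.test>\nSubject: Wire\n\nAt your desk?',
    "spoof": "From: Jane Doe <jane.doe@corp.example>\nAuthentication-Results: mx.corp.example; dmarc=fail\n\nhi",
    "lookalike": "From: Jane Doe <jane.doe@c0rp.example>\n\nhi",
    "legit": "From: Jane Doe <jane.doe@corp.example>\nAuthentication-Results: mx.corp.example; dmarc=pass\n\nhi",
}

if __name__ == "__main__":
    for label, raw in SAMPLES.items():
        print(label, "->", classify(raw))
```

None of the checks inspects an attachment or URL, which matches the page's point that BEC messages carry no payload for conventional filters to scan.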