Business email compromise attacks spike in March


In yet another sign that cybercriminals are keen to exploit the current world situation, business email compromise (BEC) attacks increased more than 430 percent in the second and third weeks of March, according to email security specialist Abnormal Security.

In the early part of the year, attacks on C-Suite executives decreased by 37 percent from Q4 2019 to Q1 2020, while the focus shifted to finance employees: attacks targeting them increased 87 percent in Q1 2020 against Q4 2019.

Through the course of Q1, there has been a 173 percent increase in COVID-19 related attacks, as threat actors use techniques such as social engineering, email spoofing, and brand impersonation to attempt to deceive users. These began early, with attacks impersonating the Centers for Disease Control and Prevention appearing as early as February. By late March the pattern had switched to impersonating major multinational financial institutions offering financial relief, in an attempt to steal credit card information from victims.

The report's authors note, "In general, attackers used fear, uncertainty, and urgency around COVID-19 to deliver targeted attacks. Attackers aligned with the broader news cycle to impersonate trusted entities at key times, such as the Centers for Disease Control (CDC), university health task forces, and the Public Health Agency of Canada (amongst many others) to increase the likelihood that recipients would engage with their emails."

Among other findings from the study, payment fraud -- specifically invoice fraud attacks -- also increased more than 75 percent between Q1 2019 and Q1 2020. There has also been a shift from individual to group attacks, as campaigns with more than 10 recipients were up 27 percent compared with Q4 2019.

The report also suggests that criminals may be turning to supply chain attacks to leverage the trusted relationships with external third parties, where the bulk of communications are likely to be conducted by email. Business invoices also represent much larger amounts of money when an attack succeeds.

The full report is available to download from the Abnormal Security site.
