BEC attacks get more businesslike to trick users

Business email compromise attacks are up 53 percent over the last year and are increasingly trying to look more like legitimate emails in their use of language.

A new report from Armorblox shows 74 percent of BEC attacks are using language as the main attack vector.

Attackers have realized that many critical business workflows happen over email. As a result, this has become the primary attack mechanism for credential phishing. Notably, 87 percent of credential phishing attacks looked like legitimate common business workflows in order to trick end users into engaging with the email.

This also of course makes it difficult to configure security rules to filter the messages out. 70 percent of impersonation emails successfully evaded email security controls.

"Based on threats analyzed by Armorblox across our customer base of over 58,000 organizations, we see a sharp increase in email attacks targeting critical business workflows. These use language as the primary attack vector and impersonate VIPs, known vendors, and SaaS applications," says DJ Sampath, co-founder and CEO of Armorblox. "It is critical that organizations augment their existing email security stack with modern API-based solutions that build custom models specifically focused on these targeted attacks. The Armorblox email security platform is API-based, cloud-delivered, and analyzes more than 2.5 billion emails every month. It prevents targeted attacks, stops sensitive data leaks, and automates email security operations."

The report also shows that the rise of SaaS solutions driving business workflows has created a big surge in brand impersonation of companies in this space. Dropbox, Microsoft, and DocuSign were among the most impersonated brands in 2021.

You can get the full Armorblox 2022 Email Security Threat Report on the company's site.

Image credit: Georgejmclittle / Shutterstock