BEC attacks up 15 percent in 2025 and getting more sophisticated
New research from LevelBlue SpiderLabs shows a 15 percent increase in business email compromise (BEC) activity last year alongside a continued shift toward more sophisticated social engineering.
The research highlights emerging tactics such as contact details swapping, increased use of dual-channel attacks that move victims from email to SMS or messaging apps, and multi-persona impersonation, including the use of fake email threads designed to make requests appear more legitimate.
The findings show that BEC activity slowed down in the second quarter and gained steam again in the third quarter, behavior consistent with previous years.
BEC attacks use varying themes to immediately pique their victims’ interest. The initial email can range from one-liners to elaborate paragraphs. The identifies the most popular themes used in the initial spam message sent by fraudsters. These include things like queries around availability of an individual, invoices or wire transfers, and payroll details changes.
It’s interesting that despite the increasing use of AI to generate emails, most of the message examples, derived from the research, contain poor sentence structure, indicating they were likely created by a non-native speaker.
Cybercriminals commonly disguise themselves as CEOs, presidents, and other senior leaders to exploit authority and induce urgency. Other popular impersonations include vendors, debt collection agencies and IT staff.
Traditional BEC spam is generally short, concise, and straight to the point, written in one to three sentences with no link or attachment. This is still the norm, but the research finds more BEC emails now have longer message bodies in an attempt to add authenticity.
LevelBlue’s Katrina Udquin concludes:
BEC attackers are continuously improving and increasing the technical complexity of their emails, but at the heart of every BEC incident is still social engineering.
BEC will continue to be successful and financially damaging as long as there are people susceptible to psychological manipulation by cybercriminals. Through increased security controls, stricter financial processes, and continuous awareness training, there is a greater chance of combating this ever-changing cybercrime.
You can read more on the LevelBlue blog.
Image credit: toppercussion/depositphotos.com
