Articles about BEC

AI-powered phishing campaigns are bypassing traditional defenses as threat actors flood inboxes with polymorphic phishing, spoofed brands, and new malware families.

New research from the Cofense Phishing Defense Center (PDC) has tracked one malicious email every 42 seconds. Many of these were part of polymorphic phishing attacks that mutate in real-time in order to bypass traditional filters.

Continue reading →

A new report from cyber insurance specialist Coalition finds the majority of 2024 claims (60 percent) originated from business email compromise (BEC) and funds transfer fraud (FTF) incidents, with 29 percent of BEC events resulting in FTF.

Ransomware claims did stabilize in 2024 but they remain the most costly and disruptive type of cyberattack.

Continue reading →

A new report from LevelBlue reveals an increase in the use of Phishing-as-a-Service (PhaaS) kits, with business email compromise (BEC) remaining the most common form of
attack.

Because PhaaS kits are increasingly accessible, it's easier for threat actors to carry out advanced phishing attacks with minimal technical knowledge. According to the LevelBlue Threat Trends Report, there's a new PhaaS, known as RaccoonO365, on the block too. This kit uses methods that can intercept user credentials and multi-factor authentication (MFA) session cookies to bypass these common defensive measures.

Continue reading →

Despite the rise of other means of communication email remains the most commonly used. This makes it attractive to cybercriminals as it offers an entry point to businesses and the gateway that employees rely on to do their jobs.

A new report from Abnormal Security highlights the attacks that we’re likely to see in the next year and shows the need for improved defenses, including the use of AI.

Continue reading →

New data from Abnormal Security shows that between September 2023 and September 2024, phishing, business email compromise, and vendor email compromise attacks on manufacturers increased significantly.

The number of monthly attacks phishing attacks has grown nearly 83 percent between September 2023 and September 2024. Business email compromise attacks are up 56 percent too.

Continue reading →

Hardly a week goes by without news of another email-based attack via phishing or Business Email Compromise (BEC) scam. These types of attacks can cause a great deal of damage to infrastructure and an organization’s image, whether it is a large enterprise, a small-medium business (SMB) or even much smaller retailers. The FBI (Federal Bureau of Investigation) reports that the average financial loss per BEC attack is $125,000 and last year estimated the Business Email fraud industry to be valued at a whopping $50 billion.

These attacks are increasingly creative, and typically involve impersonation of someone such as the head of an organization or finance. If someone responds on behalf of the executive, they could unknowingly give away the keys to the kingdom, causing significant losses. With that in mind, let’s review some of the larger email security trends.

Continue reading →

The automotive industry has become a popular target for business email compromise and vendor email compromise attacks, according to new research from Abnormal Security.

Between September 2023 and February 2024, BEC attacks against businesses in the automotive industry increased by 70.5 percent. Over the same period 63 percent of Abnormal Security customers in the automotive industry experienced at least one VEC attack.

Continue reading →

Business email compromise (BEC) is one of the most common and expensive threats to organizations so they need to respond to attacks quickly and effectively.

To allow companies to investigate and respond to Microsoft 365 compromises such as BEC, account takeover (ATO) and insider threats, Cado Security is introducing a new feature to its platform so customers can automatically import the Microsoft 365 Unified Audit Log (UAL) by timeframe, user, IP, or workload.

Continue reading →

A new report from managed security platform Huntress shows that 64 percent of identity-focused incidents at SMBs in the third quarter of 2023 involved malicious forwarding or other malicious inbox rules, a key indicator of business email compromise (BEC).

Another 24 percent of identity-focused incidents involved logons from unusual or suspicious locations. Now favored as an intrusion vector, identity-based attacks are on the rise with threat actors targeting cloud services to steal identifying information or break into business emails.

Continue reading →

In this new era of generative artificial intelligence, one of the biggest security risks involves business email compromise attacks. Countless malicious phishing emails are already being cloned, refined, and delivered by smart AI bots around the world.

A business email compromise (BEC) is a sophisticated cybercrime that uses emails to trick the receiver into giving up funds, credentials, or proprietary information through social engineering and computer intrusion techniques. Many BEC attacks combine multi-channel elements to make the frauds seem more convincing, such as incorporating fake text messages, web links, or call center numbers into the mix with email payloads. For example, the attackers might spoof a legitimate business phone number to confirm fraudulent banking details with a victim.

Continue reading →

New research shows that if an attacker has compromised an email account they can use inbox rules to hide in plain sight while they quietly move information out of your network via your inbox and hide security warnings.

The report from Barracuda reveals techniques including setting a rule to forward to an external address all emails containing sensitive and potentially lucrative key words such as 'payment' or 'confidential' to steal information or money.

Continue reading →

Email attacks in the US grew by five times between June 2022 and May 2023. However, Europe saw total attacks increase seven-fold during the same period -- to an average of 2,842 attacks per 1,000 mailboxes in May.

Data released today by Abnormal Security shows that where business email compromise (BEC) attacks are concerned, the disparity is even greater.

Continue reading →

Business email compromise (BEC) attacks are a major issue and are reckoned to have accounted for over a third of all financial losses from cyberattacks in 2021.

While not as common as phishing, BEC is a serious threat and it's not just in English-speaking countries. Abnormal Security has identified two groups using executive impersonation to execute BEC attacks on companies worldwide.

Continue reading →