Articles about business email compromise

A new report from Abnormal AI shows that employees in large enterprises engage with malicious vendor messages 72 percent of the time.

Drawing on behavioral data from over 1,400 organizations worldwide, the report reveals the extent to which employees are actively engaging with advanced text-based threats like vendor email compromise (VEC) and explores the blind spots attackers are exploiting with highly targeted, socially engineered attacks.

Continue reading →

AI-powered phishing campaigns are bypassing traditional defenses as threat actors flood inboxes with polymorphic phishing, spoofed brands, and new malware families.

New research from the Cofense Phishing Defense Center (PDC) has tracked one malicious email every 42 seconds. Many of these were part of polymorphic phishing attacks that mutate in real-time in order to bypass traditional filters.

Continue reading →

A new report from cyber insurance specialist Coalition finds the majority of 2024 claims (60 percent) originated from business email compromise (BEC) and funds transfer fraud (FTF) incidents, with 29 percent of BEC events resulting in FTF.

Ransomware claims did stabilize in 2024 but they remain the most costly and disruptive type of cyberattack.

Continue reading →

Email remains a vital channel for business communications, but the availability of easy-to-use AI tools makes protecting the inbox a challenge as it's easier than ever for cybercriminals to launch sophisticated attacks.

A new report from Abnormal Security charts the rise of adversarial AI which has seen a 54 percent year-on-year rise in business email compromise attacks.

Continue reading →

A new report from Abnormal Security reveals a rise in targeted email compromise attacks on the healthcare sector.

Vendor email compromise (VEC) attacks on the sector have consistently trended upward, recording a 60 percent increase between August 2023 and August 2024. The sector's reliance on long-term vendor relationships is being exploited through VEC, where cybercriminals impersonate trusted vendors to bypass traditional email security and trick employees.

Continue reading →

Almost half (49 percent) of all detected spam emails are attributed to business email compromise (BEC) scams, with the CEO, followed by HR and IT, being the most common targets according to a new report.

The research from VIPRE Security Group puts a more sinister complexion on this trend, revealing that a full 40 percent of the BEC emails uncovered were AI-generated, and in some instances, AI likely created the entire message.

Continue reading →

Of course all companies are vulnerable to email threats, but analysis by Barracuda of targeted email attacks over the past year, reveals that organizations are vulnerable in different ways, according to their size.

Lateral phishing -- where attacks are sent to mailboxes across the organization from an already compromised internal account -- makes up just under half (42 percent) of targeted email threats against organizations with 2,000 employees or more, but just two percent of attacks against companies with up to 100 employees.

Continue reading →

The automotive industry has become a popular target for business email compromise and vendor email compromise attacks, according to new research from Abnormal Security.

Between September 2023 and February 2024, BEC attacks against businesses in the automotive industry increased by 70.5 percent. Over the same period 63 percent of Abnormal Security customers in the automotive industry experienced at least one VEC attack.

Continue reading →

Business email compromise (BEC) is one of the most common and expensive threats to organizations so they need to respond to attacks quickly and effectively.

To allow companies to investigate and respond to Microsoft 365 compromises such as BEC, account takeover (ATO) and insider threats, Cado Security is introducing a new feature to its platform so customers can automatically import the Microsoft 365 Unified Audit Log (UAL) by timeframe, user, IP, or workload.

Continue reading →

A new report from Abnormal Security shows that vendor email compromise (VEC) attacks against financial services organizations increased by 137 percent in 2023.

This is an industry that handles a wide array of sensitive personal and financial information of the type hackers love to get their hands on. This makes organizations within the financial services sector particularly susceptible to cyberattacks, including socially-engineered email attacks.

Continue reading →

A new report from managed security platform Huntress shows that 64 percent of identity-focused incidents at SMBs in the third quarter of 2023 involved malicious forwarding or other malicious inbox rules, a key indicator of business email compromise (BEC).

Another 24 percent of identity-focused incidents involved logons from unusual or suspicious locations. Now favored as an intrusion vector, identity-based attacks are on the rise with threat actors targeting cloud services to steal identifying information or break into business emails.

Continue reading →

In this new era of generative artificial intelligence, one of the biggest security risks involves business email compromise attacks. Countless malicious phishing emails are already being cloned, refined, and delivered by smart AI bots around the world.

A business email compromise (BEC) is a sophisticated cybercrime that uses emails to trick the receiver into giving up funds, credentials, or proprietary information through social engineering and computer intrusion techniques. Many BEC attacks combine multi-channel elements to make the frauds seem more convincing, such as incorporating fake text messages, web links, or call center numbers into the mix with email payloads. For example, the attackers might spoof a legitimate business phone number to confirm fraudulent banking details with a victim.

Continue reading →

As students at schools and colleges in the UK begin to return after the summer break, new research shows that 96 percent of the top 50 state secondary schools, 92 percent of the top 50 sixth-form colleges and 80 percent of the top 50 universities in the UK are lagging behind on basic cybersecurity measures, leaving students, staff and partners at risk of email-based impersonation attacks.

The research from cybersecurity company Proofpoint is based on an analysis of DMARC adoption and reveals that 70 percent of UK schools are currently taking no steps to protect themselves from domain impersonation by having no published DMARC record.

Continue reading →

A new report has identified a 356 percent growth in the number of advanced phishing attacks attempted by threat actors in 2022.

The study from threat detection specialist Perception Point also shows that the overall number of attacks increased by 87 percent.

Continue reading →

The latest spear phishing trends report from Barracuda Networks shows that 50 percent of organizations studied were victims of spear-phishing in 2022, with 24 percent having at least one email account compromised through account takeover.

The report draws on a data set that comprises 50 billion emails across 3.5 million mailboxes, including nearly 30 million spear-phishing emails, as well as a survey by Vanson Bourne of IT professionals from frontline to the most senior roles at 1,350 companies.

Continue reading →