BEC Attacks Drastically Increased in August, Report Finds

• Not all BEC attacks are about large frauds
• Attackers spend a long time finding vulnerable people in the infrastructure
• The number of BEC campaigns is on the rise

A new analysis from Abnormal Security revealed that BEC (Business Email Compromise) attacks affected 99 percent of companies in August, a sharp increase from the 70 percent registered at the beginning of the month.

BEC attacks are a fact of life for many companies, as they need to keep up with schemes and fraudulent attempts developed continuously by threat actors seeking to trick employees. While targets include high-ranking employees such as VPs, the campaigns don’t always go after high-reward scenarios, implicating large wire transfers.

Many BEC frauds involve tricking people into sending gift cards, which are not usually large enough to raise flags, unlike rerouting vendor payments to other banks, for example.

“Historically, the majority of these attacks pretend to be an individual internal to the company, especially VIPs whose authority produces faster responses from employees eager to please,” states the Abnormal Security report. “This trend held in August, with 71% of BEC attacks impersonating internal entities, 57% of which were company VIPs.“

Attackers sometimes study a company’s hierarchy carefully to determine the best entry point or the people less likely to spot a BEC scheme. What makes BEC attacks successful is the difficulty to spot an incident in real-time, as regular security systems might have problems making the correct determination.

Of course, attackers don’t sit idle, trying to find the right person, and BEC attempts are usually part of more extensive campaigns, which becomes evident when looking at the numbers.

“The number of BEC campaigns received per mailbox also jumped, with the weekly average rising 81% over July,” the report also states.

Business email compromise is here to stay and the best defense against is an educated workforce that can spot such attempts and stop them before they get a foothold in the organization.