New data shows a sharp increase in monthly business email compromise (BEC) attacks focused on invoice or payment fraud.
The data comes as no surprise. Fraudsters have been increasingly leveraging the COVID-19 pandemic to target unsuspecting victims, including remote workers, via email.
Research data published this week by Abnormal Security shows a 200 percent increase in BEC attacks focused on invoice or payment fraud from April to May 2020. Researchers note that the jump advances a trend observed throughout the year – invoice and payment fraud attacks increased more than 75 percent in the first three months of 2020.
BEC attackers typically pose as vendors, suppliers or customers to defraud victims by initiating fraudulent wire transfers or hijacking vendor conversations to redirect vendor payments.
“These types of attacks typically involve much larger dollar amounts compared to other types of BEC attacks since they target business to business transactions,” researchers said.
In a notable example shared in the report, an attacker impersonated a vendor and methodically engaged numerous employees over the course of two months, eventually persuading the target firm to change banking details and redirect the payment of a legitimate invoice of over $700,000 to the attacker’s account.
Researchers detected a growing number of such attacks in the April-May period: a 200% jump in the average weekly rate of invoice and payment fraud BEC attacks. They also observed a 36% increase in the number of organizations suffering these attacks.
BEC attacks aren’t exclusively linked to invoice or payment fraud. These types of attacks comprised 14% of all BEC attacks in April and 17% in May.