Business email compromise attacks on the rise

Posted on 28 Mar 2017 by Jonny Williamson

Manufacturing organisations are among those most targeted by business email compromise (BEC) attacks, with incidents increasing by almost half, according to a recent study.

BEC attacks rose by 45% in the last three months of 2016 compared with the prior three months, with manufacturing, retail and technology companies most at risk.

Organisations in all three industries are hit repeatedly every month, as cybercriminals seek to take advantage of the complex supply chains and SaaS infrastructure common to them.

More than 70% of the most common BEC subject line families feature the words ‘Urgent’, ‘Payment’ and ‘Request’, and 66% of all fraudulent emails spoof the targeted company’s own domain in the sender address, so the message appears to come from a colleague.

The global research into attack attempts across more than 5,000 enterprise companies was conducted by security and compliance specialist Proofpoint, and covered firms in the US, Canada, the UK, Germany, France and Australia.

The data indicates no correlation between company size and BEC attack volume. Larger companies make attractive targets because they have more funds to draw on and greater organisational complexity for an attacker to hide in, despite their stricter financial controls. Smaller companies may not yield the same returns, but their relative lack of financial controls makes them more vulnerable.

While CEO impersonation continues to be prevalent in BEC attacks, cybercriminals are increasingly targeting victims deeper within organisations. Attacks have moved beyond the simple pattern of an impersonated CEO emailing the CFO to messages purportedly from the CEO to other employee groups: accounts payable for wire transfer fraud, human resources for confidential tax information and identities, and engineering for intellectual property theft.
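The indicators described above (the ‘Urgent’/‘Payment’/‘Request’ subject families, sender addresses that spoof the target’s own domain, and executive impersonation aimed at accounts payable or HR) can be checked mechanically at the mail gateway. The following triage script is an added example, not code from the article or from Proofpoint. It assumes the receiving MTA stamps an Authentication-Results header on every inbound message, and the organisation domain, the executive list and the three sample messages are all constructed for illustration.

```python
"""Header-based BEC triage: flags the indicators the article describes.

Added example. The organisation domain, executive list and the sample
messages below are constructed; real deployments would read them from
the mail gateway and the HR directory.
"""
import re
from email import message_from_string
from email.utils import parseaddr

ORG_DOMAIN = "example.com"  # assumption: the defended organisation's domain
# assumption: display names of executives and their real mailbox addresses
EXECUTIVES = {"jane doe": "jane.doe@example.com"}

# Subject-line families the article reports in more than 70% of BEC lures.
SUBJECT_KEYWORDS = ("urgent", "payment", "request")


def auth_results(msg):
    """Parse spf/dkim/dmarc verdicts from the gateway's Authentication-Results
    header (assumed to be added by the receiving MTA on every inbound mail)."""
    header = msg.get("Authentication-Results", "")
    return {
        method.lower(): verdict.lower()
        for method, verdict in re.findall(r"\b(spf|dkim|dmarc)=(\w+)", header, re.I)
    }


def triage(raw_message):
    """Return the list of BEC indicators found in one RFC 822 message."""
    msg = message_from_string(raw_message)
    display_name, addr = parseaddr(msg.get("From", ""))
    sender_domain = addr.rpartition("@")[2].lower()
    subject = msg.get("Subject", "").lower()
    auth = auth_results(msg)
    flags = []

    # 1. Social-engineering subject families ('Urgent', 'Payment', 'Request').
    hits = [word for word in SUBJECT_KEYWORDS if word in subject]
    if hits:
        flags.append("subject-keywords:" + ",".join(hits))

    # 2. Sender claims our own domain but the message did not pass DMARC:
    #    the "same address domain as the targeted company" case. A published
    #    DMARC policy of p=reject would stop these before delivery.
    if sender_domain == ORG_DOMAIN and auth.get("dmarc") != "pass":
        flags.append("own-domain-spoof")

    # 3. An executive's display name on an address that is not their mailbox
    #    (lookalike or free-mail domains used for CEO impersonation).
    real_addr = EXECUTIVES.get(display_name.strip().lower())
    if real_addr and addr.lower() != real_addr:
        flags.append("exec-impersonation:" + addr.lower())

    return flags


def build(headers, body):
    """Assemble a minimal raw message from (name, value) header pairs."""
    return "\n".join(f"{name}: {value}" for name, value in headers) + "\n\n" + body


# Constructed sample messages (not real captures).
SAMPLES = {
    "spoofed_ceo": build(
        [("From", "Jane Doe <jane.doe@example.com>"),
         ("To", "ap@example.com"),
         ("Subject", "Urgent payment request"),
         ("Authentication-Results",
          "mx.example.com; spf=fail smtp.mailfrom=example.com; "
          "dkim=none; dmarc=fail header.from=example.com")],
        "Please wire the attached invoice today, I am in a meeting."),
    "lookalike_hr": build(
        [("From", "Jane Doe <jane.doe@examp1e.com>"),
         ("To", "hr@example.com"),
         ("Subject", "Request: W-2 forms for all staff"),
         ("Authentication-Results",
          "mx.example.com; spf=pass smtp.mailfrom=examp1e.com; "
          "dkim=pass header.d=examp1e.com; dmarc=pass header.from=examp1e.com")],
        "Send me the W-2s for every employee as a PDF."),
    "legitimate": build(
        [("From", "Jane Doe <jane.doe@example.com>"),
         ("To", "cfo@example.com"),
         ("Subject", "Board deck for Thursday"),
         ("Authentication-Results",
          "mx.example.com; spf=pass smtp.mailfrom=example.com; "
          "dkim=pass header.d=example.com; dmarc=pass header.from=example.com")],
        "Draft attached, comments welcome."),
}


if __name__ == "__main__":
    for label, raw in SAMPLES.items():
        print(f"{label:13s} -> {triage(raw) or 'clean'}")
```

The script only reads headers, so it is cheap enough to run on every inbound message; the DMARC check is what turns the article’s “authentication” recommendation into a concrete gate, while the subject and display-name checks catch lookalike domains that pass authentication legitimately.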

Senior vice president of cybersecurity strategy at Proofpoint, Ryan Kalember explained: “Seventy-five percent of our customers were hit with at least one attempted BEC attack in the last three months of 2016—and it only takes one to cause significant damage.

“Our research shows static policies cannot keep up as attackers are constantly changing their socially-engineered messages. Organisations need detection, authentication, visibility, and data loss prevention to ensure they don’t fall victim.”