Business Email Compromise (BEC) attacks, focused on payment and invoice fraud, have become a major source of income for cybercriminals these days. Organizations all around the world are losing huge sums of money to these attacks day after day.
In fact, Q3 2020 witnessed a 155% overall increase in payment and invoice fraud via BEC attacks across eight different industries. While BEC attacks on the C-suite are still causing problems, a dramatic rise in these attacks targeting group email boxes has been noted.
BEC attacks on group mailboxes have increased 212% from Q2 2020 to Q3 2020, indicating a shift in tactics. Sending spoofed or phishing emails to group email boxes provides attackers with a great way to gain credibility. Another factor that makes it a preferred line of attack is that cybercriminals don’t need the CFO or C-suite for the approval of an invoice.
Since group mailboxes include a large group of individuals, these attacks offer a higher probability of the malicious link or attachment being opened by an employee. As lots of employees are working remotely during the pandemic, they are less likely to verify the email’s validity. Also, these attacks ensure that the email is delivered to many employees using a single email address, requiring minimal effort with the potential for higher success.
What do the Statistics Say About BEC Attacks in 2020?
Showing no indication of slowing down, BEC attacks are wreaking havoc on organizations all across the globe. The following are some outrageous statistics reflecting the substantial rise in BEC attacks in 2020:
- A report revealed that the BEC attack volume has increased by 15% from Q2 2020 to Q3 2020.
- BEC campaigns targeting the infrastructure/energy industry rose by 93% from Q2 to Q3.
- Q3 marked an 81% increase in COVID-19-related BEC attacks focussed on payment and invoice fraud.
- DHL, Dropbox, Amazon, iCloud and LinkedIn have become the top 5 most impersonated brands.
- Payment and invoice fraud BEC attacks targeting finance employees have increased by 54% on average per week.
How to Protect Your Organization against BEC Attacks?
As cybercriminals are getting increasingly active and creative every day, it has become essential for organizations to take certain security measures against BEC attacks. So, here are some of the most effective cybersecurity practices to keep your organization safe:
- Generate awareness amongst your employees about the prevailing cyber-attack tactics and the basic cybersecurity measures they can take to prevent them.
- Ask your employees to double-check the sender’s email address, be aware of any language issues or unusual date formats and verify the authenticity of any unusual requests by high-level executives.
- Try to avoid opening any emails from suspicious or unknown parties. If you do open one, don’t click on any attachments or links under any circumstances.
- Use the company domain name to create company email accounts instead of using free, web-based accounts.
- Enable multi-factor authentication for your employees’ business email accounts, making it difficult for cybercriminals to launch a BEC attack.
- Instruct employees to verify any email requests for confidential information or wire transfers.
- Use standard email authentication protocols like DMARC, DKIM and SPF to protect your organization against domain forgery. KDMARC monitors all three of these email authentication protocols to complement the Simple Mail Transfer Protocol (SMTP).
KDMARC: One-stop Email Security Solution
Designed to offer protection against advanced email-based attacks, KDMARC not only protects your customers and prevents brand abuse but also increases email deliverability and boosts email engagement rates. It gives full insight into your organization’s email channel to detect and defend against email spoofing, spamming, BEC attacks, etc.
This tool provides you with a combined domain summary for 3 months. This summary offers unprecedented visibility into fraudulent and legitimate emails sent using your company’s domain name. It helps you gain insight into the sources that are attempting to forge your company’s domain name.
Before We Go…
Counted amongst the most severe forms of cybercrime, BEC attacks pose a major threat to organizations in all parts of the world. So, it is vital to take basic email security measures and educate your employees about the threat of cyber-attacks to protect your company against BEC attempts.