Business email compromise attacks scale up to 8000 in Q4, become more targeted
Business e-mail compromise (BEC) attacks are a type of fraud that involves impersonating a representative from a trusted business. According to Verizon, it was the second most common type of social engineering attack in 2021, and the FBI reported that BEC attacks cost U.S. businesses more than $2 billion from 2014 to 2019.
Kaspersky experts are increasingly observing BEC attacks. In Q4 2021, Kaspersky products prevented over 8,000 BEC attacks, with the greatest number (5,037) occurring in October.
Throughout 2021, the company’s researchers closely analyzed the way fraudsters craft and spread fake emails. As a result, they found that the attacks tend to fall into two categories: large-scale and highly targeted.
The former is called “BEC-as-a-Service”, whereby attackers simplify the mechanics of the attack in order to reach as many victims as possible. They send streamlined messages en masse from free mail accounts, hoping to snare as many victims as they can. Such messages often lack sophistication, but they are efficient.
An example of mass-scale CEO scam
The above message is an example of a mass-scale CEO scam scheme. In this scenario, an employee receives a fake email from a more senior colleague. The message is always vague, saying only that there is a request to handle. A victim may be asked to urgently pay off some contract, settle some financial conflict, or share sensitive information with a third party. Any employee may potentially become a victim. Of course, there are several noticeable red flags in such a message: no corporate account is used, and the sender clearly is not a native speaker.
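As an added illustration (not code from Kaspersky or this release), the following heuristic scores an inbound message for the mass-scale CEO-scam red flags described above: a display name matching a senior employee while the From address is a free webmail account rather than a corporate one, and vague, urgent requests for payment or sensitive data. The executive directory, corporate domain and sample message are constructed for the example, and the Reply-To mismatch check is an extra indicator added here beyond those the text lists.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Hypothetical directory of senior staff and the organisation's own domain (constructed).
EXECUTIVES = {"jane doe": "jane.doe@example-corp.com"}
CORPORATE_DOMAIN = "example-corp.com"
FREE_MAIL_DOMAINS = {"gmail.com", "yahoo.com", "outlook.com", "hotmail.com"}
URGENCY = re.compile(r"\b(urgent|urgently|asap|immediately|right away)\b", re.I)
REQUEST = re.compile(r"\b(payment|pay|invoice|wire|transfer|gift cards?|account details)\b", re.I)


def score_bec(raw_message: str) -> tuple[int, list[str]]:
    """Return (score, reasons); a higher score means more CEO-scam indicators are present."""
    msg = message_from_string(raw_message)
    display_name, address = parseaddr(msg.get("From", ""))
    domain = address.rsplit("@", 1)[-1].lower() if "@" in address else ""
    reasons = []
    # Red flag from the text: an executive's name on a message sent from no corporate account.
    if display_name.strip().lower() in EXECUTIVES and domain != CORPORATE_DOMAIN:
        reasons.append("executive display name but non-corporate sender address")
    if domain in FREE_MAIL_DOMAINS:
        reasons.append("sent from a free webmail domain")
    # Extra indicator (assumption, not from the text): replies diverted to another address.
    _, reply_to = parseaddr(msg.get("Reply-To", ""))
    if reply_to and reply_to.lower() != address.lower():
        reasons.append("Reply-To differs from From")
    body = msg.get_payload(decode=True)
    text = (body.decode(errors="replace") if body else "") + " " + msg.get("Subject", "")
    if URGENCY.search(text):
        reasons.append("urgency language")
    if REQUEST.search(text):
        reasons.append("payment or sensitive-data request")
    return len(reasons), reasons


# Constructed sample message modelled on the vague, urgent CEO-scam mail described above.
SAMPLE = """From: Jane Doe <jane.doe.ceo@gmail.com>
To: employee@example-corp.com
Subject: Request

Are you at your desk? I need you to handle a payment urgently. Let me know.
"""

if __name__ == "__main__":
    print(score_bec(SAMPLE))  # (4, [...]) for the constructed sample
```

A real gateway would combine such indicators with sender reputation and authentication results (SPF, DKIM, DMARC) rather than act on keyword hits alone.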
At the same time that some criminals are relying on simplified mass mailouts, others are turning towards more advanced, targeted BEC attacks. The process works as follows: attackers first compromise an intermediary mailbox, gaining access to that account’s e-mail. Then, once they find suitable correspondence in the compromised mailbox of the intermediary company (say, on financial matters or work-related technical issues), they continue that correspondence with the targeted company, impersonating the intermediary. Often the goal is to persuade the victim to transfer money or install malware.
An example of targeted BEC attack
Since the target is, in fact, already engaged in the conversation the attackers reference, they are far more likely to fall for the scam. Such attacks have proven highly effective, which is why they are used not only by small-time criminals looking to make a quick profit.
‘Right now, we observe that BEC attacks are becoming one of the most widespread social engineering techniques. The reason for that is pretty simple – scammers use such schemes because they work. While fewer people tend to fall for simple mass-scale fake emails now, fraudsters have started to carefully harvest data about their victims and then use it to build trust. Some of these attacks are possible because cybercriminals can easily find names and job positions of employees, as well as lists of contacts, in open sources. That is why we encourage users to be careful at work,’ comments Roman Dedenok, security expert at Kaspersky.
Learn more about the methods scammers use to turn victims’ public data against organizations on Securelist.
To avoid falling victim to BEC attacks, Kaspersky experts recommend companies:
Provide gamified training and workshops that teach employees to stay vigilant and to identify BEC attacks that get past other layers of defense.
Deploy Kaspersky Secure Mail Gateway, with its solid set of anti-phishing, anti-spam and malware detection technologies. While BEC represents one of the most sophisticated types of email compromise, the product has a dedicated heuristic model for processing indirect indicators and detecting even the most convincing fake emails.