A research from email security solutions provider Abnormal Security revealed that Business Email Compromise (BEC) attacks have surged across most industries, with a drastic increase in invoice and payment fraud attacks. Abnormal Security analyzed BEC campaigns across eight major industries, including retail/consumer goods and manufacturing, technology, energy/infrastructure, services, medical, media, finance, and hospitality sectors. It was found that the attacks increased in six of the eight industries during Q3 2020. The energy/infrastructure sector suffered the largest increase (93%) from Q2 to Q3.
Key Findings:
- During Q3, attackers continued to focus primarily on invoice and payment fraud, which increased 155% from Q2 to Q3. This trend was particularly notable in retail/consumer goods & manufacturing.
- While credential-phishing COVID-19 related attacks decreased by 82%, invoice and payment fraud continued to leverage fear, uncertainty and doubt about the pandemic increased by 81%.
- The most impersonated brands returned to the pre-pandemic “normal,” as Zoom dropped from the top spot, replaced by DHL, and followed by Dropbox and Amazon. Rounding out the top five were iCloud and LinkedIn.
Evan Reiser, CEO of Abnormal Security, said, “BEC research is important for CISOs to prepare and stay ahead of attackers. Not only are BEC campaigns continuing to increase overall, but they are also rising in 75% of industries that we track. Since these attacks are targeted and sophisticated, these increases could indicate an ability for threat actors to scale that may overwhelm some businesses.”
BEC Attacks: A Lucrative Business
A similar research from the APWG (Anti-Phishing Working Group) revealed how enterprises lose their wealth to BEC attacks. BEC attacks have become a highly remunerative line of business for threat actors. In its “Phishing Activity Trends Report,” APWG stated that the average wire transfer loss from BEC attacks surged from $54,000 in Q1 2020 to $80,183 in Q2 2020, as cybercriminals expected high returns. Read more…
