Business email compromise (BEC) is exceptionally lucrative for cybercriminals and can be an even bigger threat to organisations than ransomware. BEC persuades high-value targets to send sensitive information or even money to fraudsters. According to the Internet Crime Complaint Center (IC3), US$5.3 billion was stolen due to BEC fraud between October 2013 and December 2016, with an FBI spokesperson commenting: “BEC is a serious threat on a global scale and the criminal organisations that perpetrate these frauds are continually honing their techniques to exploit unsuspecting victims.”
This Cisco Midyear Security Report Update looks at the causes behind the rise of Business Email Compromise. Here’s a quick summary of the report:
WHY BEC NOW
We give away more about ourselves online than ever, so social media and social engineering have raised the success rate of spoofing attacks. These attackers are extremely sophisticated and will follow their targets for months on social media and news sites before making an approach.
HOW IT WORKS
Adversaries create targeted messages and add unique details about the person they are posing as and/or the person they are attacking, to lend legitimacy to their request. A BEC attack will often begin with an email carrying an urgent message that compels the recipient to send money; that money then ends up in criminal accounts either at home or abroad.
Business Email Compromise resulted in over £4 billion being stolen between October 2013 and December 2016. Compared with the 750m stolen via ransomware over the same period, this demonstrates that BEC should be taken just as seriously as that more familiar form of attack.
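The characteristics described above (a sender posing as a known person, an urgent request for a payment, and replies routed elsewhere) can be scored at the mail gateway or in a SIEM. The following is an added example that is not part of the Cisco report or this post: a small Python triage script that flags the common BEC indicators in a message, namely display-name impersonation of an executive, a lookalike sender domain, a Reply-To that differs from the From domain, and urgency or payment language. The company domain, the executive list and both sample messages are constructed for the example.

```python
import email
from email import policy
from email.utils import parseaddr

# Assumed organisation context (constructed for this example, not real data)
COMPANY_DOMAIN = "example.com"
EXECUTIVES = {"jane doe": "jane.doe@example.com"}  # display name -> genuine address
URGENCY_TERMS = ("urgent", "immediately", "wire transfer", "payment", "asap", "confidential")


def edit_distance(a, b):
    """Levenshtein distance, used to spot lookalike domains such as examp1e.com."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def bec_indicators(raw_message):
    """Return a list of human-readable BEC indicators found in a raw RFC 5322 message."""
    msg = email.message_from_string(raw_message, policy=policy.default)
    name, addr = parseaddr(str(msg.get("From", "")))
    from_domain = addr.rpartition("@")[2].lower()
    _, reply_addr = parseaddr(str(msg.get("Reply-To", "")))
    reply_domain = reply_addr.rpartition("@")[2].lower()
    indicators = []

    # 1. Display name belongs to an executive but the address is not their genuine one
    genuine = EXECUTIVES.get(name.strip().lower())
    if genuine and addr.lower() != genuine:
        indicators.append("display-name impersonation of %s from %s" % (name, addr))

    # 2. Sender domain is a near-miss of the company domain (typosquat / homoglyph)
    if from_domain != COMPANY_DOMAIN and 0 < edit_distance(from_domain, COMPANY_DOMAIN) <= 2:
        indicators.append("lookalike sender domain %s" % from_domain)

    # 3. Replies are diverted to a different domain than the apparent sender
    if reply_domain and reply_domain != from_domain:
        indicators.append("Reply-To domain %s differs from sender domain %s" % (reply_domain, from_domain))

    # 4. Urgency / payment language in subject or plain-text body
    body = msg.get_body(preferencelist=("plain",))
    text = (str(msg.get("Subject", "")) + " " + (body.get_content() if body else "")).lower()
    hits = [term for term in URGENCY_TERMS if term in text]
    if hits:
        indicators.append("urgency/payment language: " + ", ".join(hits))
    return indicators


# Constructed sample messages for demonstration only
SPOOFED = """\
From: Jane Doe <jane.doe@examp1e.com>
Reply-To: jane.doe@mail-relay.net
To: accounts@example.com
Subject: Urgent wire transfer needed today

Please process this payment immediately and keep it confidential.
"""

LEGITIMATE = """\
From: Jane Doe <jane.doe@example.com>
To: accounts@example.com
Subject: Q3 invoice schedule

Attached is the invoice schedule for next quarter.
"""

if __name__ == "__main__":
    for label, sample in (("spoofed", SPOOFED), ("legitimate", LEGITIMATE)):
        found = bec_indicators(sample)
        print("%s: %d indicator(s)" % (label, len(found)))
        for line in found:
            print("  -", line)
```

In practice a single indicator (a genuine executive writing "urgent") is normal traffic; two or more together, or any display-name impersonation, is the condition worth routing to a reviewer or quarantining, and the genuine-address lookup should come from the directory rather than a hard-coded dictionary.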
WHO’S AT RISK
Any organisation is at risk from a business email compromise attack; it is not just a problem for small organisations. Large organisations with mature threat defences can fall victim to BEC: both Facebook and Google have been victims, losing around $100 million between them.