COVID-19 Fuels Phishing and Scams While BEC Attacks Evolve and Increase

Between the second and third weeks of March 2020, email scams and phishing attacks spiked by an unprecedented 436%. Such was the effect of the COVID-19 pandemic. Meanwhile, business email compromise (BEC) attacks have been less affected by the pandemic, but have also increased and evolved.


BEC attacks represent a low percentage of email attacks by volume, but a disproportionally high percentage of overall loss to business. According to the 2019 FBI IC3 report, BEC was responsible for more than 50% of all cybercrime-related financial loss.


According to Abnormal Security's Quarterly BEC Report Q1 2020 (PDF), there have been several major shifts in BEC attack patterns. The first is a move away from targeting individual C-Suite leaders towards targeting finance employees. The former has decreased by 37% between Q4 2019 and Q1 2020, while the latter has increased by 87% over the same period.


Linked to this has been a discernible shift away from individual targets towards attacks against groups of ten or more targets. "By targeting a group within an organization," say the Abnormal researchers, "the attacker increases the likelihood of a response from one individual, creating legitimacy across the other targets." Such attacks increased by 17%.


Another development has been a movement away from paycheck and engagement fraud towards invoice fraud. The former has declined by 50% since the previous quarter, while the latter has increased by more than 75%. The criminals are exploiting the generally high level of trust in the supply chain, combined with less well-established communication channels between the companies, most usually conducted by email.


Overall, BEC attacks per thousand mailboxes (a measure used to normalize figures ..
