The Decade Big-Money Email Scams Took Over

Some email scams—penis enlargement spam, "Nigerian prince" shakedowns—feel like they've been around almost as long as email itself. But the grifts have evolved significantly over the last decade, as scammers have learned that they can extract much bigger payouts from big businesses than from lone victims. They've tallied billions of dollars in the last few years alone. In the 2020s, it's only going to get worse.


In these so-called business email compromise schemes, attackers either infiltrate a legitimate email account from a company or create a realistic spoof account. They use that position to broker seemingly legitimate wire transfers for "business transactions" like contract payment; the money instead goes into the criminal's pockets. The scale is staggering; in September alone, Toyota lost $37 million in a BEC scam, and the Japanese media company Nikkei lost $29 million.


"For a long time cybercriminals believed that the money was within the masses," says Crane Hassold, senior director of threat research at the email security firm Agari and former digital behavior analyst for the Federal Bureau of Investigation. "But in fits and starts over the past decade and then especially beginning about five years ago you saw a pivot of the entire threat landscape—email scams, ransomware—making more money with targeting businesses than individuals. We’re certainly not at the peak of this wave right now. We are at a point of rapid evolution."

It might seem obvious that businesses could be swindled out of more cash than individual victims, g ..
