Sharp Spike in Attacks Targeting Company Email Accounts

A new report by email and data security company Mimecast has revealed a staggering increase in the number of Business Email Compromise (BEC) cyber-attacks.

The quarterly Email Security Risk Assessment (ESRA) report, released today, found a 269% increase in the number of BEC attacks in quarter two of 2019, compared to the first quarter of the year. 

BEC attacks are sophisticated scams that typically target businesses working with foreign suppliers and businesses that regularly perform wire-transfer payments. Formerly known as Man-in-the-Email scams, these schemes compromise official business email accounts to conduct unauthorized funds transfers.

According to the FBI, there are five main types of BEC scams, all of which allow threat actors to commit email-based impersonation fraud using methods that evade many traditional email security systems.

The Bogus Invoice Scheme involves an attacker impersonating a company's supplier and requesting funds transfers to the attacker's bank account in payment of services rendered. An attacker committing CEO Fraud will pose as one of the company's most senior executives and send an email to the finance department requesting that money be transferred to an account they control.  

If the attack is an Account Compromise, an executive or employee’s email account is hacked and used to request invoice payments to vendors listed in their email contacts. Payments are then sent to fraudulent bank accounts.

A Data Theft BEC attack targets employees in the HR and finance departments to fraudulently obtain personally identifiable informatio ..

Support the originator by clicking the read the rest link below.