The latest data on BEC scams shows how the bad guys are using a mix of Gmail accounts, increases in stolen wire transfers, and a shift to payroll diversions to trick you out of your money.
I love it when great industry data is released; it allows us all to get a better handle on what the bad guys are doing, how their tactics are shifting, and what to expect when you experience your next attack.
Security vendor Agari recently released their H1 2021 Email Fraud & Identity Deception Trends report, with new data on what they saw in the latter part of 2020. Out of literally trillions of emails analyzed, Agari found the following BEC trends:
- Wire transfer fraud represented 22% of all BEC scams (gift card scams remained number 1 throughout 2020, though focus on them declined in Q4)
- The average fraudulent wire transfer was a little over $72K, up 8% from 1H 2020
- Payroll diversion has steadily grown in interest over the last six months of 2020
- Free webmail accounts are used in over three-quarters of attacks, with Gmail being used 60% of the time
- 23%, or nearly 1 in 4, of BEC attacks are sent from a lookalike domain registered by the attackers
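The last two data points (free webmail senders and lookalike domains) are the easiest to turn into a mail-gateway check. The following is an added illustration, not code from the Agari report or this article; the organization domain `example.com`, the executive names and the webmail list are assumed placeholders.

```python
from email.utils import parseaddr

ORG_DOMAIN = "example.com"                 # assumed: the defended organization's domain
EXECUTIVES = {"jane doe", "john roe"}      # assumed: display names worth impersonating
FREE_WEBMAIL = {"gmail.com", "yahoo.com", "outlook.com", "hotmail.com", "aol.com"}


def normalize(label):
    """Undo common visual substitutions before comparing domain labels."""
    for src, dst in (("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l"), ("3", "e")):
        label = label.replace(src, dst)
    return label


def edit_distance(a, b):
    """Plain Levenshtein distance (no extra dependencies)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def is_lookalike(domain):
    """True when the sender domain imitates ORG_DOMAIN but is not it."""
    if domain == ORG_DOMAIN:
        return False
    org_label, label = ORG_DOMAIN.split(".")[0], domain.split(".")[0]
    # Same label with a swapped TLD or homoglyphs (examp1e.com, exarnple.com, example.co),
    # or one character added, dropped or changed (exampl.com, exammple.com).
    return normalize(label) == normalize(org_label) or edit_distance(label, org_label) <= 1


def bec_indicators(from_header):
    """Return the indicator names a From: header value triggers; [] means none."""
    name, addr = parseaddr(from_header)
    domain = addr.rpartition("@")[2].lower()
    flags = []
    if domain in FREE_WEBMAIL:
        flags.append("free-webmail")
    if is_lookalike(domain):
        flags.append("lookalike-domain")
    if name.strip().lower() in EXECUTIVES and domain != ORG_DOMAIN:
        flags.append("executive-display-name")
    return flags
```

Feeding `bec_indicators` the From: header of each inbound message gives a per-message list of indicators that can drive a warning banner or a quarantine rule.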
The trends seem to be pointing to a greater interest in fraudulent wire transfers and payroll diversion, and (of course) increases in the payoff.
Organizations need to be ready for these attacks, as the use of free webmail accounts points to how easy it is for an individual to get into the cybercrime business. These bad guys need internal users to respond to emails in order to be successful. So, teaching users via Security Awareness Training can help them easily identify BEC scams and help to reduce the risk surface of the organization.