Business email compromise (BEC) attacks rose 13% last month, with the average requested wire transfer increasing to $39,315, according to a new report from Fortra.
“The average amount requested from BEC wire transfer attackers was $39,315 in February compared to $24,586 in January 2025, an increase of 60%,” the report says.
“During the month of February, 25% of wire transfer BEC attacks requested less than $10,000, while 62% of wire transfer BEC attacks requested between $10,000 and $50,000. For the other 12% of wire transfer BEC attacks, 0% requested between $50,000 and $100,000, and 12% requested more than $100,000.”
Most of these attacks abused legitimate email services, making them more likely to evade detection by security filters.
“73% of BEC attacks were sent from email addresses hosted on free webmail providers compared to 27% of attacks sent from maliciously registered domains,” the researchers write. “The percentage of free webmail providers used decreased in February compared to 72% in January 2025. For February 2025, Google was the primary webmail provider used by actors to send BEC campaigns, comprising 76% of the 1,036 free webmail accounts used by scammers. Other popular webmail providers included Microsoft and Verizon Media.”
The researchers warn that threat actors are putting more effort into preparation in order to increase the likelihood of a major payoff. Fortra states, “Threat actors have intensified reconnaissance and profiling efforts, prioritizing larger financial targets and leveraging delayed fraud detection to increase operational success.”
New-school security awareness training can give your organization an essential layer of defense against social engineering attacks. KnowBe4 empowers your workforce to make smarter security decisions every day. Over 70,000 organizations worldwide trust the KnowBe4 platform to strengthen their security culture and reduce human risk.
Fortra has the story.
Here's how it works:
