Security Awareness Training Blog

    BEC Attacks Nearly Doubled in 2020

    BEC Attacks Double in 2020A new report from Barracuda Networks found that business email compromise (BEC) attacks have nearly doubled over the past year. These attacks made up 12% of all spear phishing attacks in 2020, compared to 7% in 2019. While these might seem like low numbers, it’s worth keeping in mind that BEC attacks are far more devastating and require much more effort than normal phishing attacks. Attackers can spend months performing reconnaissance and setting up infrastructure before executing the attack, and successful BEC scams often result in multimillion-dollar losses for the victims.

    The researchers also found that 87% of spear phishing attacks took place during the week, while employees are at work. The spear phishing attacks that occurred on weekends often took advantage of the fact that employees were distracted and possibly isolated from their work environments.

    Below are some more of Barracuda’s findings:

    • “72% of COVID-19-related attacks are scamming. In comparison, 36% of overall attacks are scamming. Attackers prefer to use COVID-19 in their less targeted scamming attacks that focus on fake cures and donations.
    • “13% of all spear-phishing attacks come from internally compromised accounts, so organizations need to invest in protecting their internal email traffic as much as they do in protecting from external senders.
    • “71% of spear-phishing attacks include malicious URLs, but only 30% of BEC attacks included a link. Hackers using BEC want to establish trust with their victim and expect a reply to their email, and the lack of a URL makes it harder to detect the attack.”

    Don MacLennan, Barracuda’s SVP of Engineering & Product Management, Email Protection, said organizations need to keep up with the changing threat landscape.

    “Cybercriminals adapt very quickly when they find a new tactic or current event that they can exploit, as their response to the COVID-19 pandemic proved only too well," MacLennan said. "Staying aware of the way spear phishing tactics are evolving will help organizations take the proper precautions to defend against these highly targeted attacks and avoid falling victim to scammers' latest tricks.”

    New-school security awareness training can give your organization an essential layer of defense by teaching your employees to recognize phishing attacks.

    Barracuda has the story.

     

    Return To KnowBe4 Security Blog

    Get Your CEO Fraud Prevention Manual

    CEO-Fraud-Prevention-Manual-WP-FannedCEO fraud has ruined the careers of many executives and loyal employees, causing over $26 billion in losses. Don’t be the next victim. This manual provides a thorough overview of how executives are compromised, how to prevent such an attack and what to do if you become a victim.

    Get Your Manual

    PS: Don't like to click on redirected buttons? Cut & Paste this link in your browser:

    https://info.knowbe4.com/ceo-fraud-prevention-manual

    Topics: Phishing, Spear Phishing, CEO Fraud, COVID-19

    Stu Sjouwerman

    ABOUT STU SJOUWERMAN

    Stu Sjouwerman (pronounced “shower-man”) is the founder and CEO of KnowBe4, Inc., which hosts the world’s most popular integrated security awareness training and simulated phishing platform, with over 54,000 organization customers and more than 50 million users. A serial entrepreneur and data security expert with 30 years in the IT industry, Stu was the co-founder of Inc. 500 company Sunbelt Software, a multiple award-winning anti-malware software company that was acquired in 2010.

    Read more from Stu »

    Subscribe To Our Blog


    Security Awareness Training
    Blog RSS Feed
    Comprehensive Anti-Phishing Guide
    All Posts

    Posts by Tag

    See all

    Posts By Topic

    View All

    Get the latest about social engineering

    Subscribe to CyberheistNews