New Research: BEC Attacks Rose 246% in 2023

Stu Sjouwerman | Mar 14, 2024

Business email compromise (BEC) attacks surged by 246% last year, according to researchers at ReliaQuest. The researchers believe the increase is due to widely available phishing kits that facilitate BEC.

ReliaQuest states, “BEC attacks will almost certainly intensify through 2024, as threat actors increasingly use generative AI and sophisticated phishing kits to evade such defenses as two-factor authentication (2FA).”

The researchers point out that BEC attacks are typically more financially damaging than other forms of social engineering.

“The stealthy nature of BEC leads to it often going unnoticed until the damage is done,” the researchers write. “Although useful for identifying known threats, traditional detection practices are less effective against sophisticated attackers who continuously adapt their strategies. For example, static detection relies on spotting anomalies, such as email rules with unexpected names or actions. But attackers are using techniques that mimic expected and legitimate activities, making them harder to detect and leading to potential security breaches.”

ReliaQuest also notes that attackers are getting better at bypassing organizations’ security defenses.

“Not only are there more means to conduct BEC, but threat actors are also becoming increasingly aware of organizations’ security measures—and finding ways to evade them,” the researchers write.

“In a BEC attack we analyzed this year, a threat actor posed as an employee of a ReliaQuest customer and created an email rule in the employee’s Outlook account. When we flagged the action as suspicious to the client’s security team, the ‘employee’ then claimed it was intentional. Despite the claim, we recommended the customer to communicate with the employee through a different channel, which confirmed the activity was malicious.”
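
The static checks on rule names and actions that the researchers describe can be sketched as follows. This is an added example, not code from ReliaQuest or from the original post. It runs over constructed inbox-rule records in a hypothetical schema, and the field names, mail domain, folder list and keyword list are all assumptions. It shows a rule with a plausible name passing the name check while its actions still get it flagged.

```python
# Added example: constructed inbox-rule records in a hypothetical schema
# (field names are assumptions, not an Outlook or Exchange API).
import re

INTERNAL_DOMAIN = "example.com"  # assumption: the organization's mail domain
ODD_NAME = re.compile(r"^[\W_]{1,3}$|^.$")  # names such as ".", "..", "a"
HIDING_FOLDERS = {"rss subscriptions", "conversation history", "deleted items", "archive"}
FINANCE_WORDS = {"invoice", "payment", "wire", "bank", "remittance"}

def name_check(rule):
    """Static check on the rule name only."""
    return bool(ODD_NAME.match(rule["name"].strip()))

def action_check(rule):
    """Reasons based on what the rule does, whatever it is called."""
    reasons = []
    for addr in rule.get("forward_to", []):
        if not addr.lower().endswith("@" + INTERNAL_DOMAIN):
            reasons.append("forwards outside " + INTERNAL_DOMAIN)
    # A rule "hides" mail when it deletes it or files it in a rarely read folder.
    hides = rule.get("delete") or rule.get("move_to", "").lower() in HIDING_FOLDERS
    keywords = {k.lower() for k in rule.get("keywords", [])}
    if hides and keywords & FINANCE_WORDS:
        reasons.append("hides finance-related mail")
    return reasons

def triage(rules):
    """Return {rule name: reasons} for rules needing out-of-band confirmation."""
    flagged = {}
    for rule in rules:
        reasons = (["unexpected name"] if name_check(rule) else []) + action_check(rule)
        if reasons:
            flagged[rule["name"]] = reasons
    return flagged

SAMPLE_RULES = [  # constructed sample data
    {"name": "..", "move_to": "RSS Subscriptions"},
    {"name": "Vendor invoices", "keywords": ["invoice", "payment"], "move_to": "Archive"},
    {"name": "Newsletters", "keywords": ["unsubscribe"], "move_to": "Reading"},
    {"name": "Backup copy", "forward_to": ["user@mailbox.example.net"]},
]

if __name__ == "__main__":
    for name, reasons in triage(SAMPLE_RULES).items():
        print(name, "->", "; ".join(reasons))
```

A flagged rule is a prompt to confirm with the mailbox owner through a different channel, as in the case ReliaQuest describes.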

New-school security awareness training can give your organization an essential layer of defense against social engineering attacks. KnowBe4 empowers your workforce to make smarter security decisions every day. Over 65,000 organizations worldwide trust the KnowBe4 platform to strengthen their security culture and reduce human risk.

ReliaQuest has the story.
