Skip to content
Search
  • There are no suggestions because the search field is empty.
Cancel
Get Started Now

    Security Awareness Training Blog

    BEC Incidents Intent on Invoice or Payment Fraud Increase 155% Across All Industries

    Business Email Compromise Invoice Fraud IncreaseBusiness Email Compromise appears to be back in the saddle again, as attackers use simple social engineering and domain impersonation to trick victims into paying up.

    In the midst of adjusting to working-while-COVID, ransomware seemed to be at the forefront of attacks. But new data from Abnormal Security’s Q3 Quarterly BEC Report shows that business email compromise has recently grown in interest over the last quarter.

    According to the report:

    • Overall BEC attacks increased 15%
    • Energy/Infrastructure industries experienced a 93% increase in attacks
    • Group mailboxes as targets increased by 212% while target individuals in the finance department have dropped by 53%

    It’s evident that the cybercriminals behind these attacks are thinking organizations are doing better financially, and have shifted their tactics to try to find an unwitting internal accomplice within the victim organization to assist with the fraudulent inquiries.

    The rise in interest in invoice/payment fraud scams is likely due to its ease of execution. Take a look at the example below from the report:

    10-28-20 Image

    By sending this to a group mailbox assigned to Accounts Payable, it’s far less necessary to appear credible to an individual, as it’s reasonable that not everyone in your AP department knows every one of their counterparts at a partner organization.

    Throw in a dash of good old fashioned domain impersonation to make the email appear real, and you can see how it would be easy to convince someone in AP to change the bank accounts used for payment.

    Users within your AP department need to be instructed to use a verification protocol anytime a request to change banking details is made. This should be done using a communications medium other than the one the request was made through, and should use known contact details rather than any provided within the request. Additionally, users involved with any form of managing the organization’s finances should be enrolled in Security Awareness Training to help increase their alertness when it comes to potentially-harmful emails like this.

     

    Return To KnowBe4 Security Blog

    Get Your CEO Fraud Prevention Manual

    CEO-Fraud-Prevention-Manual-WP-FannedCEO fraud has ruined the careers of many executives and loyal employees, causing over $26 billion in losses. Don’t be the next victim. This manual provides a thorough overview of how executives are compromised, how to prevent such an attack and what to do if you become a victim.

    Get Your Manual

    PS: Don't like to click on redirected buttons? Cut & Paste this link in your browser:

    https://info.knowbe4.com/ceo-fraud-prevention-manual

    Topics: Social Engineering, Ransomware, CEO Fraud

    Stu Sjouwerman

    ABOUT STU SJOUWERMAN

    Stu Sjouwerman (pronounced “shower-man”) is the founder and CEO of KnowBe4, Inc., which hosts the world’s most popular integrated security awareness training and simulated phishing platform, with over 54,000 organization customers and more than 50 million users. A serial entrepreneur and data security expert with 30 years in the IT industry, Stu was the co-founder of Inc. 500 company Sunbelt Software, a multiple award-winning anti-malware software company that was acquired in 2010.

    Read more from Stu »

    Subscribe to Our Blog


    Security Awareness Training
    Blog RSS Feed
    Comprehensive Anti-Phishing Guide
    All Posts

    Posts by Tag

    See all

    Posts By Topic

    View All

    Get the latest about social engineering

    Subscribe to CyberheistNews