Skip to content
Search
  • There are no suggestions because the search field is empty.
Cancel
Get Started Now

    Security Awareness Training Blog

    Business Email Compromise Attacks Focused on Invoice Fraud Surge by 75%

    Business Email CompromiseAs attacks on the C-Suite decline, new data shows that employees in finance department roles are critical to the success of shifts in attack campaign strategy.

    There’s one thing we’ve learned to be true about cybercriminals that use phishing emails as their initial attack vector – it’s that they always align their target victim with the campaign. From selecting the victim, to the choice of crime to be committed, to the social engineering tactics, every last detail is planned out to maximize the success of the attack efforts.

    According to email security provider, Abnormal Security, in their Quarterly BEC Report Q1 2020, those cybercriminal organizations engaged in business email compromise attacks have changed their tactics – in some cases drastic changes:

    • From individual to group targets – campaigns with more than 10 recipients were up 27%
    • From C-suite to finance staff – campaigns targeting execs declined by 37% while those targeting finance staffers increased 87%
    • From engagement attacks to invoice fraud – paycheck and engagement attacks declined by more than half while invoice fraud increased by 75%
    • COVID-19 remains popular – Throughout the course of Q1, coronavirus-themed attacks rose by an average of 173%

    With the overarching takeaway being that all your finance employees are the target of invoice fraud, there’s something tangible to communicate to that segment of your staff to avoid becoming a victim. But because tactics will continue to change as organizations become wise to attacks and other areas of businesses lax their sense of security, it’s important to keep the entire organization vigilant by enrolling them in continual Security Awareness Training, which educates them on the need to be watchful for suspicious content and offers up pertinent examples as attack trends change.

     

    Return To KnowBe4 Security Blog

    Can hackers spoof an email address of your own domain?

    DSTAre you aware that one of the first things hackers try is to see if they can spoof the email address of your CEO? If they are able to commit "CEO Fraud", penetrating your network is like taking candy from a baby.

    Now they can launch a "CEO fraud" spear phishing attack on your organization, and that type of attack is very hard to defend against, unless your users are highly ‘security awareness’ trained.

    Find out now if your domain can be spoofed. The Domain Spoof Test (DST) is a one-time free service. Run this test so you can address any mail server configuration issues that are found.

    Try To Spoof Me!

    PS: Don't like to click on redirected buttons? Cut & Paste this link in your browser:

    https://www.knowbe4.com/domain-spoof-test/

    Topics: Social Engineering, Phishing, CEO Fraud

    Stu Sjouwerman

    ABOUT STU SJOUWERMAN

    Stu Sjouwerman (pronounced “shower-man”) is the founder and CEO of KnowBe4, Inc., which hosts the world’s most popular integrated security awareness training and simulated phishing platform, with over 54,000 organization customers and more than 50 million users. A serial entrepreneur and data security expert with 30 years in the IT industry, Stu was the co-founder of Inc. 500 company Sunbelt Software, a multiple award-winning anti-malware software company that was acquired in 2010.

    Read more from Stu »

    Subscribe to Our Blog


    Security Awareness Training
    Blog RSS Feed
    Comprehensive Anti-Phishing Guide
    All Posts

    Posts by Tag

    See all

    Posts By Topic

    View All

    Get the latest about social engineering

    Subscribe to CyberheistNews