Business Email Compromise Attacks Increase 67%, Leading to Fraud, Ransomware, and Data Breaches



Involved in 60% of cybersecurity insurance claims, Business Email Compromise (BEC) is of growing interest to cybercriminals as the initial malicious action in a larger attack.

New data from cybersecurity insurer Coalition provides some context around what kinds of attacks are resulting in serious monetary impacts that require submitting cyber insurance claims. I’ve already pointed out the predominance of ransomware in cyber insurance claims shown in their H1 2020 Cyber Insurance Claims Report. This report also goes on to point out some startling statistics about BEC:

  • BEC cyber insurance claims grew 67% from 2019 to 2020
  • BEC was the “initial point of entry” in 60% of claims
  • Organizations in the Financial Services industry represent 32% of all claims
  • Organizations that use Office 365 are three times as likely to experience BEC as those with Gmail

Coalition goes on to point out that the most common attacks that result in BEC are phishing and spear phishing attacks that leverage spoofing techniques to impersonate a person or brand. In cases where users are involved with financial transactions, Coalition recommends putting a dual-control process in place that validates email-based requests involving the transfer of funds.

I’d also suggest enrolling those same users in new-school Security Awareness Training to educate them on how the bad guys go about tricking their victims, so they can spot BEC attacks a mile away.


Can hackers spoof an email address of your own domain?

Are you aware that one of the first things hackers try is to see if they can spoof the email address of your CEO? If they are able to commit "CEO Fraud", penetrating your network is like taking candy from a baby.

Now they can launch a "CEO fraud" spear phishing attack on your organization, and that type of attack is very hard to defend against, unless your users are highly ‘security awareness’ trained.

Find out now if your domain can be spoofed. The Domain Spoof Test (DST) is a one-time free service. Run this test so you can address any mail server configuration issues that are found.

Try To Spoof Me!

PS: Don't like to click on redirected buttons? Cut & Paste this link in your browser:

https://www.knowbe4.com/domain-spoof-test/


