Skip to content
Search
  • There are no suggestions because the search field is empty.
Cancel
Get Started Now

    Security Awareness Training Blog

    Business Email Compromise attacks increase 67% Leading to Fraud, Ransomware, and Data Breaches

    Business Email CompromiseInvolved in 60% of cybersecurity insurance claims, Business Email Compromise (BEC) is growing in interest by cybercriminals as the initial malicious action as part of a larger attack.

    New data from cybersecurity insurer Coalition provides some context around what kinds of attacks are resulting in serious monetary impacts that require submitting cyber insurance claims. In their H1 2020 Cyber Insurance Claims Report, I’ve already pointed out the predominance of ransomware in cyber insurance claims. This report also goes on to point out some startling statistics about BEC:

    • BEC’s 67% growth in cyber insurance claims was from 2019 to 2020
    • BEC was the “initial point of entry” in 60% of claims
    • Organizations in the Financial Services industry represent 32% of all claims
    • Organizations that use Office 365 are three times as likely to experience BEC as those with Gmail

    Coalition go on to point out that the most common attacks that result in BEC are phishing and spear phishing attacks that leverage spoofing techniques to impersonate a person or brand. In cases where users are involved with financial transactions, Coalition recommends putting a dual-control process in place that validates email-based requests involving the transfer of funds.

    I’d also suggest enrolling those same users in new school Security Awareness Training to educate them on how the bad guys go about tricking their victims, educating your users so they can spot BEC attacks a mile away.

     

    Return To KnowBe4 Security Blog

    Can hackers spoof an email address of your own domain?

    DSTAre you aware that one of the first things hackers try is to see if they can spoof the email address of your CEO? If they are able to commit "CEO Fraud", penetrating your network is like taking candy from a baby.

    Now they can launch a "CEO fraud" spear phishing attack on your organization, and that type of attack is very hard to defend against, unless your users are highly ‘security awareness’ trained.

    Find out now if your domain can be spoofed. The Domain Spoof Test (DST) is a one-time free service. Run this test so you can address any mail server configuration issues that are found.

    Try To Spoof Me!

    PS: Don't like to click on redirected buttons? Cut & Paste this link in your browser:

    https://www.knowbe4.com/domain-spoof-test/

    Topics: Phishing, Spear Phishing, CEO Fraud

    Stu Sjouwerman

    ABOUT STU SJOUWERMAN

    Stu Sjouwerman (pronounced “shower-man”) is the founder and CEO of KnowBe4, Inc., which hosts the world’s most popular integrated security awareness training and simulated phishing platform, with over 54,000 organization customers and more than 50 million users. A serial entrepreneur and data security expert with 30 years in the IT industry, Stu was the co-founder of Inc. 500 company Sunbelt Software, a multiple award-winning anti-malware software company that was acquired in 2010.

    Read more from Stu »

    Subscribe to Our Blog


    Security Awareness Training
    Blog RSS Feed
    Comprehensive Anti-Phishing Guide
    All Posts

    Posts by Tag

    See all

    Posts By Topic

    View All

    Get the latest about social engineering

    Subscribe to CyberheistNews