Researchers at Trustwave have published a report outlining trends in business email compromise (BEC) attacks, finding that these attacks spiked in February of 2023.
“For the first quarter of the year, we saw a 25% increase in unique attacks compared to the last quarter of 2022,” the researchers write. “February accounted for the highest volume of BEC emails in the first half of the year. January is the second most active month for BEC. Based on our historical data, BEC emails appear to increase during the first quarter after the December holiday slump. As the year begins, people are gearing up for the tax season and the start of new endeavours. Fraudsters are sure to take advantage of this.”
Threat actors abused various free email services, particularly Gmail, to launch these attacks.
“Google was the free email service provider of choice for BEC spammers in H1 2023, with a whopping 84% of all the free webmail addresses used,” the researchers write. “Other webmail services observed include: iCloud, VK (mail.ru), and Optimum (optonline.net). Aside from free email services, new-born domains that were created to mimic legitimate company domains in the From and Reply-to header fields were also used by spammers. 35% of newly registered BEC domains also use Google as their registrar, followed by NameCheap Inc. with 25%.”
The researchers note that most BEC attacks attempt to dupe users via the following topics:
- “Payroll Diversion - Asks to change their bank account, payroll, or direct deposit information.
- “Request for Contact - Asks for the recipient’s mobile number or personal email address.
- “Task - Requesting assistance for urgent tasks or favours.
- “Availability - Very short emails asking if the victim is available, at the desk or at the office.
- “Invoice Transaction - Fraudulent emails about overdue invoice statements.
- “Gift Purchase - Talks about surprising employees with a gift, usually asks the recipient to buy a gift card.
- “Wire Transfer - Orders the recipient to prepare a certain amount of money for wire transfer.
- “Request for Document - Requests for a copy of aging report, w2, or vendor list.”
KnowBe4 has two to add, making it a round 10:
- HR: Important - New Return To Office Policy
- HR: Please update your W-4 for our records
Trustwave has the story.
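As an added illustration for defenders (not code from Trustwave or KnowBe4), the Python sketch below checks a message's From and Reply-To headers for the free webmail services and lookalike domains the report describes, and tags some of the listed lure topics. The organisation domain `example.com`, the similarity threshold, the keyword patterns and the sample messages are constructed assumptions, and only single-part plain-text messages are handled.

```python
import re
from difflib import SequenceMatcher
from email import message_from_string
from email.utils import parseaddr

# Free webmail domains named in the report excerpt above.
FREE_WEBMAIL = {"gmail.com", "icloud.com", "mail.ru", "optonline.net"}
ORG_DOMAIN = "example.com"  # assumption: the defender's own mail domain
# Assumed, simplified keyword patterns for some of the lure topics listed above.
TOPICS = {
    "payroll_diversion": r"direct deposit|payroll|bank account",
    "request_for_contact": r"mobile number|personal email",
    "availability": r"are you (available|at (your|the) desk|(in|at) the office)",
    "gift_purchase": r"gift ?cards?",
    "wire_transfer": r"wire transfer",
    "request_for_document": r"aging report|\bw-?2\b|vendor list",
}

def domain_of(header_value):
    """Lower-cased domain of an address header; '' if the header is absent."""
    return parseaddr(header_value or "")[1].rpartition("@")[2].lower()

def is_lookalike(domain, legit=ORG_DOMAIN, threshold=0.8):
    """Close textual match to our domain that is not the domain or a subdomain."""
    if not domain or domain == legit or domain.endswith("." + legit):
        return False
    return SequenceMatcher(None, domain, legit).ratio() >= threshold

def bec_indicators(raw_message):
    """Return the list of indicator tags found in one raw RFC 5322 message."""
    msg = message_from_string(raw_message)
    hits = []
    for name in ("From", "Reply-To"):
        dom = domain_of(msg[name])
        if dom in FREE_WEBMAIL:
            hits.append(f"{name}:free_webmail")
        if is_lookalike(dom):
            hits.append(f"{name}:lookalike_domain")
    text = f"{msg['Subject'] or ''}\n{msg.get_payload()}"  # single-part body assumed
    hits += [f"topic:{t}" for t, pat in TOPICS.items() if re.search(pat, text, re.I)]
    return hits

# Constructed sample messages (not taken from the report).
SAMPLE_WEBMAIL = ("From: Jane Doe <jane.doe.ceo@gmail.com>\nSubject: Quick task\n\n"
                  "Are you available? I need you to buy gift cards for the staff.\n")
SAMPLE_LOOKALIKE = ("From: Accounts <ap@examp1e.com>\nReply-To: ap@examp1e.com\n"
                    "Subject: Payroll update\n\n"
                    "Please change my direct deposit to the new bank account.\n")

if __name__ == "__main__":
    for sample in (SAMPLE_WEBMAIL, SAMPLE_LOOKALIKE):
        print(bec_indicators(sample))
```

Tags from a check like this are triage signals to combine with sender authentication results and reporting by users, not a verdict on their own.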