Your The Majority of Business Email Compromise Phishing Attacks Initially Go for Credentials, Not Money

BEC Phishing AttacksWith BEC attacks historically trying to get to the “committing fraud” part as quickly as possible, new data shows threat actors are taking their time, looking for a larger payoff.

I’ve published a few articles this week around the current state of Business Email Compromise all based on GreatHorn’s 2021 Business Email Compromise Report and want to finish the week up with some enlightening details around who’s being targeted and what, initially, are cybercriminals after when the attack vector is BEC.

According to the report, threat actors are effectively using spear phishing, doing diligence and targeting some very specific roles and departments within the organization:

  • Finance, 57% of the time
  • The CEO, 22% of the time
  • IT, 20% of the time
  • HR, 9% of the time

But what makes this so interesting is to see exactly what the trap is that’s set with the spear phishing email. According to the GreatHorn data, threat actors have pivoted from social engineering tactics (attempting to trick someone into committing fraud) and have moved to the creating malicious links to websites intent on the following:

  • Capturing online credentials (57%)
  • Infecting the victim’s endpoint with malware (22%)
  • Payment fraud (20%)

So, cybercriminals now see the value of trying to gain access over the simple committing of fraud (although it’s still alive and well). In response, it’s imperative that organizations empower all their users to see these phishing attacks for what they are, despite the illusion of credibility the attackers create with their spear phishing emails. This is possible using Security Awareness Training designed to continually educate users on new attacks, their tactics, and how to spot them.

Free Phishing Security Test

Would your users fall for convincing phishing attacks? Take the first step now and find out before bad actors do. Plus, see how you stack up against your peers with phishing Industry Benchmarks. The Phish-prone percentage is usually higher than you expect and is great ammo to get budget.

PST ResultsHere's how it works:

  • Immediately start your test for up to 100 users (no need to talk to anyone)
  • Select from 20+ languages and customize the phishing test template based on your environment
  • Choose the landing page your users see after they click
  • Show users which red flags they missed, or a 404 page
  • Get a PDF emailed to you in 24 hours with your Phish-prone % and charts to share with management
  • See how your organization compares to others in your industry

Go Phishing Now!

PS: Don't like to click on redirected buttons? Cut & Paste this link in your browser:

Subscribe To Our Blog

Comprehensive Anti-Phishing Guide

Get the latest about social engineering

Subscribe to CyberheistNews