BEC attacks have historically tried to reach the "commit the fraud" step as quickly as possible, but new data shows threat actors are now taking their time in pursuit of a larger payoff.
I've published a few articles this week on the current state of Business Email Compromise, all based on GreatHorn's 2021 Business Email Compromise Report, and want to finish the week with some enlightening details on who is being targeted and what cybercriminals are initially after when the attack vector is BEC.
According to the report, threat actors are using spear phishing effectively, doing their due diligence and targeting very specific roles and departments within the organization:
- Finance, 57% of the time
- The CEO, 22% of the time
- IT, 20% of the time
- HR, 9% of the time
But what makes this so interesting is to see exactly what trap is set with the spear phishing email. According to the GreatHorn data, threat actors have pivoted away from social engineering aimed directly at fraud (tricking the recipient into making a payment) and toward malicious links to websites built for the following:
- Capturing online credentials (57%)
- Infecting the victim’s endpoint with malware (22%)
- Payment fraud (20%)
So cybercriminals now see more value in gaining access than in simply committing fraud (although direct fraud is still alive and well). Because the lure most often leads to a credential-harvesting page, it's imperative that organizations empower all their users to see these phishing attacks for what they are, despite the illusion of credibility the attackers create with their spear phishing emails, and to check where a link actually leads before entering credentials. This is possible using Security Awareness Training designed to continually educate users on new attacks, their tactics, and how to spot them.