What are Business Email Compromise (BEC) Attacks?
BEC attacks rely primarily on social engineering. While employees at any level can be targeted, the criminals almost exclusively appeal to seniority to secure compliance. These attackers create email addresses that mimic those used by senior executives, use free services such as Gmail to create email addresses that appear to be an executive’s personal account, or, less commonly, gain access to executives’ actual corporate email accounts using phishing attacks or other means. Once the attacker has a plausible email account from which to operate, they use social engineering tactics to, for example, request that the target either divert payment on a valid invoice to the criminal’s bank account by means of a fake receipt, or redirect company funds to a false bank account.
While BEC attacks fall under the umbrella of phishing, they don’t typically include malware or malicious links.
They don’t have to: After all, who’s going to say no to their CEO?
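Because these messages carry no malware or links, detection has to work from the headers. The following is an added example, not part of the original article: it flags an executive's display name on a free-mail or external address, a near-miss copy of the corporate domain, and a Reply-To that leaves the sender's domain. The domain, executive roster, free-mail list and sample messages are constructed assumptions.

```python
from email import message_from_string
from email.utils import parseaddr

# Assumed for illustration: corporate domain, executive roster, free-mail list.
CORP_DOMAIN = "example.com"
EXECUTIVES = {"jane doe": "jane.doe@example.com"}
FREEMAIL = {"gmail.com", "outlook.com", "yahoo.com"}

def edit_distance(a, b):
    """Levenshtein distance, used to spot near-miss copies of CORP_DOMAIN."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def bec_indicators(raw_message):
    """Return header-based BEC indicators for one RFC 5322 message."""
    msg = message_from_string(raw_message)
    name, addr = parseaddr(msg.get("From", ""))
    addr = addr.lower()
    domain = addr.rpartition("@")[2]
    findings = []
    known = EXECUTIVES.get(" ".join(name.lower().split()))
    if known and addr != known:  # executive's name, someone else's mailbox
        if domain in FREEMAIL:
            findings.append("exec-name-on-freemail")
        elif domain != CORP_DOMAIN:
            findings.append("exec-name-on-external-domain")
    if domain != CORP_DOMAIN and edit_distance(domain, CORP_DOMAIN) <= 2:
        findings.append("lookalike-domain")
    reply_to = parseaddr(msg.get("Reply-To", ""))[1].lower()
    if reply_to and reply_to.rpartition("@")[2] != domain:
        findings.append("reply-to-domain-mismatch")
    return findings

# Constructed sample messages (not real traffic).
SAMPLES = {
    "legit": 'From: "Jane Doe" <jane.doe@example.com>\n\nQuarterly numbers attached.',
    "freemail": "From: Jane Doe <jane.doe.ceo@gmail.com>\n\nAre you at your desk?",
    "lookalike": 'From: "Jane Doe" <jane.doe@examp1e.com>\n'
                 "Reply-To: jane.doe@gmail.com\n\nPlease update the bank details.",
}

if __name__ == "__main__":
    for label, raw in SAMPLES.items():
        print(label, bec_indicators(raw))
```

A message sent from an executive's genuinely compromised corporate account passes all three checks, so that case needs sign-in and mailbox-rule monitoring rather than header inspection.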
BEC Attacks Targeting Office 365/G Suite
Email Account Takeover Attacks:
While simple, these attacks are both highly sophisticated and financially devastating. The FBI reported a total loss of roughly $1.8 billion in 2020, and this is just from the attacks they were aware of.
Osterman’s research estimates that 80% of organizations were targeted by at least one BEC attack in 2021. Mid-sized organizations, those with 500 to 2,500 email users, were even more likely to experience an attack: Nearly nine out of 10 saw an attack last year.
These Business Email Compromise attacks are often successful. Nearly 60% of organizations surveyed reported being victims of a successful or almost successful BEC attack. Roughly 40% of organizations said they had no BEC attacks that fell into these categories. But as these attacks become more common, organizations are becoming increasingly aware that they can no longer count on not being targeted as a defense strategy.
Organizations Are Recognizing the Risk
The high number of successful attacks, coupled with growing news coverage of the most devastating ones, is causing companies to reevaluate the risk posed by such attacks. According to the Osterman survey, the number of organizations that claimed preventing such attacks was important to them grew by 30% in just one year, with further increases projected in the short term. At the same time, respondents also said they lacked confidence in their existing protections and were unsure about their ability to safeguard funds, obtain help from insurance providers or law enforcement, or prevent these attacks from getting to highly targeted users in the first place. Cybercriminals are aware that organizations are depending on cybersecurity technologies that were never designed to stop BEC attacks.