Business email compromise (BEC) refers to all types of email attacks that do not have payloads. Although there are numerous types, there are essentially two main mechanisms through which attackers penetrate organizations utilizing BEC techniques, spoofing and account take-over attacks.
In a recent study, 71% of organizations acknowledged they had seen a business email compromise (BEC) attack during the past year. Forty-three percent of organizations experienced a security incident in the last 12 months, with 35% stating that BEC/phishing attacks account for more than 50% of the incidents.
The FBI’s Internet Crime Complaint Centre (IC3) reports that BEC scams were the most expensive of cyberattacks in 2020, with 19,369 complaints and adjusted losses of approximately $1.8 billion. Recent BEC attacks include spoofing attacks on Shark Tank Host Barbara Corcoran, who lost $380,000; the Puerto Rican government attacks that amounted to $4 million, and Japanese media giant, Nikkei, who transferred $29 million based on instructions in a fraudulent email.
To thwart a BEC attack, an organization must focus on the Golden Triangle: the alignment of people, process, and technology. Read on to discover best practices every organization should follow to mitigate BEC attacks.
images from Hacker News