Business email compromise (BEC) attacks pose a growing threat to businesses worldwide and Barracuda has released a new report with key findings about these attacks and the steps you can take to help defend your business.
The report, titled “Spear Phishing: Top Threats and Trends Vol. 3 – Defending against business email compromise attacks”, highlights the latest tactics used by cybercriminals to launch these highly targeted attacks.
Barracuda took a detailed look at how these spear-phishing attacks use a number of tactics including convincing impersonation, strategic targeting, careful timing and social engineering to steal money or personally identifiable information from organizations.
- Is your business able to protect itself from email attacks?
- Banish those winter blues with email security
- Email security still a major worry for businesses
Business email compromise attacks
According to the report, 91 percent of BEC attacks take place on weekdays and the cybercriminals behind them often send out their phishing emails to targeted organizations during typical business hours to make them more convincing.
The average BEC attack targets no more than six employees and 94.5 percent of all of these attacks Barracuda observed target less than 25 people. Urgency is often employed to get a fast response from targeted victims and 85 percent of all BEC attacks are urgent requests.
Additionally, business email compromise attacks have high click-thru rates. One in 10 spear-phishing emails successfully trick a user into clicking and this number triples when an attack impersonates someone within an organization. In the past 12 months alone, organizations lost an average of $270,000 to spear-phishing attacks but according to the FBI, these attacks cost businesses over $26bn during the past four years.
SVP of email protection, engineering and product management at Barracuda, Don MacLennan explained how learning more about the tactics used by cybercriminals can help organizations from falling victim to BEC attacks in a press release, saying:
"Attackers continue to find new ways to make business email compromise attacks more convincing, ultimately making them more costly and damaging to businesses. Taking the proper precautions and staying informed about the tactics cybercriminals are using will help organizations defend themselves more effectively against these highly targeted attacks."
- We've also rounded up the best antivirus software