These are the tricks hackers are using to hijack your email

Email client
(Image credit: Shutterstock)

Business email compromise (BEC) attacks pose a growing threat to businesses worldwide and Barracuda has released a new report with key findings about these attacks and the steps you can take to help defend your business.

The report, titled “Spear Phishing: Top Threats and Trends Vol. 3 – Defending against business email compromise attacks”, highlights the latest tactics used by cybercriminals to launch these highly targeted attacks.

Barracuda took a detailed look at how these spear-phishing attacks use a number of tactics including convincing impersonation, strategic targeting, careful timing and social engineering to steal money or personally identifiable information from organizations.

Business email compromise attacks

According to the report, 91 percent of BEC attacks take place on weekdays and the cybercriminals behind them often send out their phishing emails to targeted organizations during typical business hours to make them more convincing.

The average BEC attack targets no more than six employees and 94.5 percent of all of these attacks Barracuda observed target less than 25 people. Urgency is often employed to get a fast response from targeted victims and 85 percent of all BEC attacks are urgent requests.

Additionally, business email compromise attacks have high click-thru rates. One in 10 spear-phishing emails successfully trick a user into clicking and this number triples when an attack impersonates someone within an organization. In the past 12 months alone, organizations lost an average of $270,000 to spear-phishing attacks but according to the FBI, these attacks cost businesses over $26bn during the past four years.

SVP of email protection, engineering and product management at Barracuda, Don MacLennan explained how learning more about the tactics used by cybercriminals can help organizations from falling victim to BEC attacks in a press release, saying:

"Attackers continue to find new ways to make business email compromise attacks more convincing, ultimately making them more costly and damaging to businesses. Taking the proper precautions and staying informed about the tactics cybercriminals are using will help organizations defend themselves more effectively against these highly targeted attacks."

Anthony Spadafora

After working with the TechRadar Pro team for the last several years, Anthony is now the security and networking editor at Tom’s Guide where he covers everything from data breaches and ransomware gangs to the best way to cover your whole home or business with Wi-Fi. When not writing, you can find him tinkering with PCs and game consoles, managing cables and upgrading his smart home.