Business email attacks are becoming a bigger threat than ever for businesses

email
(Image credit: Image by Muhammad Ribkhan from Pixabay)

Business email attacks (BEC), a type of email-borne scams that impersonate executives, have “surged” in the third quarter of 2024, with the manufacturing sector hit particularly hard.

Analyzing 1.8 billion emails globally (208 million of which were malicious), researchers from VIPRE security group reported BEC made up more than half (58%) of all phishing attempts in the quarter.

It found most BEC attacks (89%) impersonated figures of authority, such as Chief Executive Officers (CEO), senior executives, and IT staff, and targeted those who are lower on the hierarchy chain.

Rising sophistication

In the first quarter of 2024, BEC attacks against the manufacturing sector made up just 2% of all attempts, rising five-fold to 10% in the third quarter of the year. VIPRE claims the rise may be due to the industry’s widespread use of mobile sign-ins and various worksites.

“Employees accessing systems “on the go”, often under pressure to meet production deadlines, are more susceptible to phishing attempts,” the company said.

For Usman Choudhary, VIPRE’s CPTO, email-borne attacks are growing more sophisticated by the day, and thus becoming harder to spot and neutralize.

“BEC email and phishing attacks are becoming more targeted and convincing,” he said. “Additionally malware distribution through malicious spam campaigns continues to pose a serious threat to organizations.”

VIPRE split BEC attacks into common scams (34%), commercial spam (30%), and phishing (20%), and stressed that combined, these attacks overshadow ransomware and malware, which comprised less than 20% of all email attacks.

Defending against BEC is just the same as against any other scam that starts with an email. Employees should be trained to be skeptical of all incoming email messages, especially those that require urgent attention and resolution.

More from TechRadar Pro

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.