Business Email Compromise (BEC) attacks have increased over the past year and have emerged as one of the most financially damaging cybersecurity threats, according to a new report.
The Business Email Security Landscape report, compiled by email security platform vendor GreatHorn, attributes the increase to the new normal work from home workforce, which Kevin O’Brien, CEO of GreatHorn believes has opened the “floodgates for cybercriminals.”
The report reveals the continuous assault on corporate inboxes with almost a third of the surveyed organizations (30%) sharing that over 50% of the links they receive via email lead to a malicious site.
- We've put together a list of the best endpoint protection software
- Protect your devices with these best antivirus software
- Here's our list of the best small business servers available
“Cybercriminals want the keys to the castle, which they achieve by stealing credentials. To do so they often target C-suite and finance employees as they have the most privileged information available to access,” reasons O’Brien.
Forged identities
According to the report, spoofed email accounts or websites were the most experienced form of a BEC attack, with 71% of the organizations having seen one over the past year, followed by spear phishing (69%) and malware (24%).
About 50% of all BEC attacks involved spoofing of an individual’s identity in the display name, while the spear phishing emails forged company names (68%), names of individual targets (66%), and the name of boss/managers (53%) to conduct their attacks.
“What makes BEC attacks so successful is the availability of basic personal information online, that can be used against an employee who might be suffering from screen or email fatigue,” argues the report, adding that employees were more susceptible to clicking on malicious links after recognizing a familiar name or other relevant identifiers pertaining to their job.
This is especially worrying considering that one out of four businesses say that between 76% to 100% of all the malware they detect is delivered via email.
- Here’s our roundup of the best secure email providers
