Armorblox published its 2022 Email Security Threat Report, which finds that language-based BEC attacks are prevailing. The research found that 74% of attacks use language as the main attack vector. Some commonly used BEC attack payloads are language, weaponized payloads, malicious links, and common business workflows. 
 

Key findings

  • Apart from socially engineered emails, attackers are adopting graymail. Graymails are legitimate-looking emails that can bypass spam filters and can enable attackers to identify out-of-office employees. 
  • From 2021 to 2022, language-based BEC attacks have surged by 53% on a year-on-year basis. 
  • Among the BEC attacks that targeted organizations, 52% were not detected by native email security solutions.

Why this matters

  • Using language as the primary payload, makes it challenging to prevent BEC attacks.
  • These kinds of attacks increase the chances of advanced threats, such as graymails, evading native email security and landing in the inboxes of employees. 
  • Threat actors depend on social engineering tactics to convince people into doing their bidding. Hence, conventional measures, including links, headers, and metadata, are not enough for defense. Language-based BEC attacks depend on the choice of words used in the email to trick an unsuspecting employee. 

What else?

  • The FBI issued a report stating that BEC attacks accounted for domestic and international losses of $43 billion between June 2016 and December 2021. 
  • According to another report by Abnormal, BEC attacks witnessed a rise of 84% between H1 2021 and H2 2021. 
  • Cryptocurrency-related BEC fraud accounted for more than $40 million in losses in 2021.  

The bottom line

The growing relevance of BEC attacks, especially language-based ones, paints a grim picture of where the threat is headed. Moreover, natural language-based threats pose a rising concern in SMSes. To tackle this threat, organizations should design policies that necessitate fraud checks and additional authentication before any changes or wire transfers are made. BEC attacks are extremely common and can lead to massive financial losses, and hence, implementing strict, proactive measures is recommended.

Cyware Publisher

Publisher

Cyware