Business Email Compromise (BEC) attacks are a huge blow to an organization's cybersecurity. Social engineering lures have become extremely popular among hackers because they can lead to more successful phishing campaigns. Now a new type of attack is making the rounds, and you need to know about it.
What’s going on?
Scammers have started targeting investors to earn seven times more money than they would from a typical BEC scam. Wall Street investors are being targeted with fake capital call notices requesting payment for counterfeit investments.
Some stats your way
While the average target payout in a normal BEC scam is $72,000, it becomes $809,000 in the case of fake capital call notices.
Since July 2020, there has been a 333% increase in payroll diversion scams.
BEC attacks, along with vaccine-related phishing scams, surged by 26% in just three months, between October 2020 and January 2021.
Although BEC detection increased by 18% YOY, the average loss increased by 48% from Q1 to Q2 2020.
Trends observed
BEC attacks requesting aging accounts receivable reports from targeted employees have seen a recent upsurge. While the majority of these attacks can be attributed to the Ancient Tortoise threat actor, other groups that employ other tactics have also popped up.
Attempts at tricking targeted employees into making fund transfers have also been observed. The scammers either impersonate employees getting vaccines or HR managers requesting funds for non-existent vaccines.
How to stay safe
Enable Multi-Factor Authentication (MFA) on all work accounts.
Although native email security seems like a good option, solely relying on it is not advisable. Invest in security layers designed to protect against BEC attacks.
Have a formal process in place for outgoing payment requests. Confirm the payment request by directly placing a phone call to the investment firm.
The bottom line
With all the recent attacks and the increasing sophistication of threat actors, the SolarWinds hack seems to be just a warm-up act. Threat actors are proving way too successful at breaching every security defense set up against them. BEC scams are still among the primary attack vectors for entering a network, providing cybercriminals with the foothold required to cause further damage to the victim's operations. Hence, it is crucial that firms adopt a multi-layered security approach.