Business Email Compromise (BEC) attacks are a huge blow to an organization’s cybersecurity. Social engineering lures have become extremely popular among hackers because they can lead to more successful phishing campaigns. Now a new type of attack is making the rounds, and you need to know about it.

What’s going on?

Scammers have started targeting investors to earn seven times more money than a typical BEC scam. Wall Street investors are being targeted with fake capital call notices requesting payment for counterfeit investments.

Some stats your way

  • While the average target payout in a normal BEC scam is $72,000, it becomes $809,000 in the case of fake capital call notices. 
  • Since July 2020, there has been a 333% increase in payroll diversion scams. 
  • BEC attacks, along with vaccine-related phishing scams, have surged by 26% in just a period of three months, between October 2020 and January 2021. 
  • Although BEC detection increased by 18% YOY, the average loss increased by 48% from Q1 to Q2 2020.

Trends observed

  • BEC attacks requesting aging accounts receivable reports from targeted employees have seen a recent upsurge. While the majority of these attacks can be attributed to the Ancient Tortoise threat actor, other groups employing other tactics have also appeared.
  • Attempts at tricking targeted employees into making fund transfers have also been observed. The scammers either impersonate employees getting vaccines or HR managers requesting funds for non-existent vaccines. 

How to stay safe

  • Enable Multi-Factor Authentication (MFA) on all work accounts.
  • Although native email security seems like a good option, solely relying on it is not advisable. Invest in security layers designed to protect against BEC attacks.
  • Have a formal process in place for outgoing payment requests. Confirm the payment request by directly placing a phone call to the investment firm.
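
As an added illustration (not from the original article or any vendor's product), the Python sketch below shows how a mail-triage layer could route the lures named above into the phone-verification step. The phrase patterns, the Reply-To and sender-domain checks, the function names, and the sample messages are all assumptions constructed for this example.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Lure themes come from the article; the phrase patterns are assumptions.
LURES = {
    "capital_call": re.compile(r"capital\s+call", re.I),
    "aging_report": re.compile(r"(aging|aged)\s+(accounts\s+receivable|a/?r)\b", re.I),
    "payroll_diversion": re.compile(r"(payroll|direct\s+deposit).{0,40}(change|update)", re.I),
}

def domain(header_value):
    """Return the lower-cased domain of an address header, or '' if absent."""
    return parseaddr(header_value or "")[1].rpartition("@")[2].lower()

def triage(raw, trusted_domains):
    """Flag a message for phone verification when a lure meets a sender anomaly."""
    msg = message_from_string(raw)
    text = f"{msg.get('Subject', '')}\n{msg.get_payload()}"
    lures = sorted(name for name, rx in LURES.items() if rx.search(text))
    from_dom, reply_dom = domain(msg.get("From")), domain(msg.get("Reply-To"))
    reasons = []
    if reply_dom and reply_dom != from_dom:
        reasons.append("reply_to_mismatch")      # replies leave the sender's domain
    if from_dom not in trusted_domains:
        reasons.append("unknown_sender_domain")  # not a known counterparty
    return {"lures": lures, "reasons": reasons,
            "hold_for_callback": bool(lures and reasons)}

# Constructed sample messages (reserved .test domains), not real traffic.
TRUSTED = {"example-capital.test", "corp.test"}
SAMPLES = [
    "From: Fund Admin <notices@example-capital.test>\n"
    "Reply-To: payments@example-mail.test\n"
    "Subject: Capital Call Notice - Fund II\n\nPlease wire your commitment by Friday.",
    "From: cfo@c0rp.test\n"
    "Subject: Quick request\n\nSend me the aging accounts receivable report today.",
    "From: hr@corp.test\nSubject: Lunch menu\n\nThe cafeteria menu is attached.",
]

if __name__ == "__main__":
    for raw in SAMPLES:
        print(triage(raw, TRUSTED))
```

A message that sets `hold_for_callback` should not be paid or answered until the request is confirmed by phone with the firm, using a number already on file rather than one taken from the email.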

The bottom line

With all the recent attacks and increasing sophistication of threat actors, the SolarWinds hack seems to be just a warm-up act. Threat actors are proving far too successful at breaching every security defense set up against them. BEC scams are still among the primary attack vectors for entering a network and giving cybercriminals the foothold required to cause further damage to the victim's operations. Hence, it is crucial that firms adopt a multi-layered security approach.

Cyware Publisher