Business Email Compromise (BEC) attacks are a huge blow to an organization’s cybersecurity. Social engineering lures have become extremely popular among hackers because they can lead to more successful phishing campaigns. Now a new type of attack is making the rounds, and you need to know about it.
What’s going on?
Scammers have started targeting investors to earn seven times more money than they would from a typical BEC scam. Wall Street investors are being targeted with fake capital call notices requesting payment for counterfeit investments.
Some stats your way
- While the average target payout in a normal BEC scam is $72,000, it becomes $809,000 in the case of fake capital call notices.
- Since July 2020, there has been a 333% increase in payroll diversion scams.
- BEC attacks, along with vaccine-related phishing scams, surged by 26% in just three months, between October 2020 and January 2021.
- Although BEC detection increased by 18% YOY, the average loss increased by 48% from Q1 to Q2 2020.
- BEC attacks requesting aging accounts receivable reports from targeted employees have seen a recent upsurge. While the majority of these attacks can be attributed to the Ancient Tortoise threat actor, other groups employing other tactics have also popped up.
- Attempts at tricking targeted employees into making fund transfers have also been observed. The scammers either impersonate employees getting vaccines or HR managers requesting funds for non-existent vaccines.
How to stay safe
- Enable Multi-Factor Authentication (MFA) on all work accounts.
- Although native email security seems like a good option, solely relying on it is not advisable. Invest in security layers designed to protect against BEC attacks.
- Have a formal process in place for outgoing payment requests. Confirm the payment request by directly placing a phone call to the investment firm.
The bottom line
With all the recent attacks and the increasing sophistication of threat actors, the SolarWinds hack seems to be just a warm-up act. Threat actors are proving far too successful at breaching every security defense set up against them. BEC scams are still among the primary attack vectors for entering a network and giving cybercriminals the foothold required to cause further damage to the organization's operations. Hence, it is crucial that firms adopt a multi-layered security approach.