Understanding Email Security Threats and BEC Trends During the Pandemic

How much is too much?

• A report from Barracuda Networks revealed that, by the end of February alone, there was a 667% spike in email-based attacks themed around the disease.
• Google revealed that Gmail faced 18 million daily malware and phishing emails related to COVID-19 in the past few weeks.

Impersonation fraud is on the rise

• According to Mimecast’s ‘The State of Email Security 2020’, impersonation fraud increased by 30% in the first 100 days of COVID-19. 
• WHO and IRS are two of the well-known organizations to be impersonated for such attacks.
• Since the start of the pandemic, WHO witnessed an increase in email-based attacks targeting the public at large. Most of these attacks are designed to channel donations to a fictitious fund and not the authentic COVID-19 Solidary Response Fund.
• Scammers also impersonated the officials of the IRS and sent out emails on behalf of them to gather personal information from individuals.

Creative attack themes make it more difficult 

• Attack themes created around the pandemic news cycle are used to trick unsuspecting individuals into parting away with their funds or sharing details or installing malware.
• Some of the COVID-19 themes used as lures by the bad actors include testing and vaccines, financial relief benefits, and stimulus payments.

Adopting BEC trends for more payment frauds

• Researchers from Abnormal Security found that BEC attacks became more sophisticated than ever in the first quarter of 2020.
• Unlike the usual BEC scam that relies on spoofing C-suite executives, the research revealed that attackers are now impersonating employees working in finance and external vendors for their campaigns.
• BEC attacks using financial employees’ to trick victims witnessed an 87% rise in the first quarter of 2020.
• The quarter also saw a new trend wherein cybercriminals shifted the scope of their targets from individuals to groups.

What to learn from this?