Skip to main content

Business email compromise attacks are getting out of hand

woman typing on laptop at desk
(Image credit: Unsplash)

Business email compromise (BEC) attacks continue to plague security teams, with companies losing millions of dollars as a result, a new report from Area 1 Security suggests.

Analyzing more than 31 million threats across multiple industries, the security firm found that almost a tenth (9 percent) of attacks used identity deception tactics (spoofing, domain impersonation, display name impersonation, etc.). Other common tactics included credential harvesters, compromised links and attachments.

Most of the time, attackers tried to impersonate three major organizations (56 percent): the World Health Organization, Google and Microsoft. In some cases, these spoofed emails concealed BEC attacks.

Although only 1.3 percent of threats were BEC attacks, they are having a serious impact on the bottom line. On average, BEC requests sought $1.5 million, with the median coming in at $260,000.

Businesses are trying to remedy the issue by training end-users, but it doesn’t seem to be working out. The report states that 92 percent of user-reported phishing was actually “entirely benign spam or bulk mail”. IT teams are flooded with “thousands of false alarms”, making the detection of actual problems that much more difficult.

“Cyber campaigns continue to be a tool for waging war against corporations, theft of intellectual property, and massive financial and data loss,” said Patrick Sweeney, CEO at Area 1 Security.

“Our research found that security awareness training is only beneficial from an educational perspective but not effective in stopping threats.”

Sead Fadilpašić is a freelance tech writer and journalist with more than 17 years experience writing technology-focussed news, blogs, whitepapers, reviews, and ebooks. And his work has featured in online media outlets from all over the world, including Al Jazeera Balkans (where he was a Multimedia Journalist), Crypto News, TechRadar Pro, and IT Pro Portal, where he has written news and features for over five years. Sead's experience also includes writing for inbound marketing, where he creates technology-based content for clients from London to Singapore. Sead is a HubSpot-certified content creator.