
CEOs are being impersonated in massive email scams

(Image credit: Gustavo Frazao / Shutterstock)

Business email compromise (BEC) attacks, a form of cyberattack in which a criminal impersonates a company executive and tries to scam that company's employees, customers or partners, have been flourishing since the start of the Covid-19 pandemic, new research has found.

A report from cybersecurity firm Proofpoint claims that since March this year, it has witnessed more than 7,000 CEOs being impersonated. More than half of its customers have had a high-ranking executive impersonated and their name used in a scam attempt.

In the past three months alone, Proofpoint says, a CEO was impersonated 102 times, and the FBI claims more money was lost to BEC attacks this year than in any previous year since it began tracking.

In fact, BEC and EAC (Email Account Compromise) attacks accounted for more than half of all cybercrime losses ($1.77B) last year, it was added. The average loss per BEC incident in 2019 was $74,723.

Proofpoint claims to now be blocking 15,000 of these emails every day.

When targeting a business, criminals need to do two things: gather as much personal information as possible on the victim and the executive being impersonated in order to sound convincing, and create a sense of urgency in the victim so that they don't spot the fraud.

They often target either payroll or human resources departments, asking for an urgent change to direct deposit information. They also sometimes send a fraudulent invoice, urging the payroll department to make the payment as soon as possible.

The best way to protect against BEC and EAC attacks is not to rush any request that comes in via email, and to double-check with the person asking for the changes before making any.