Skip to main content

Criminals are disguising themselves as your business partners

woman typing on laptop at desk
(Image credit: Unsplash)

Cybersecurity researchers at Proofpoint spent a week in February monitoring email correspondence received by 3,000 organizations in the UK, US, and Australia. What they found was that virtually every business (98 percent) was targeted by a malicious email (opens in new tab) coming from a trusted domain operated by a supplier.

According to Proofpoint, the majority of these attacks did not carry a malicious file, such as malware or ransomware. Instead, they utilized social engineering strategies, targeting distracted, gullible, or overworked employees. 

Almost three-quarters (74 percent) of the attacks were phishing or impostor attempts, while less than 30 percent of threats coming from supplier domains carried malware.

Attackers are also utilizing the cloud, leveraging popular collaboration platforms such as Microsoft 365, Google G-Suite, and Dropbox to host or send threats.

Email fraud threats are highly targeted and, when successful, can result in large financial losses. Proofpoint said it managed to stop supplier invoicing fraud attacks that could have seen millions of dollars siphoned from victim organizations. 

Earlier this year, the FBI said BEC and Email Account Compromise (EAC) made up the majority of cybercrime losses in 2020, costing businesses almost $1.9 billion.

Sead Fadilpašić is a freelance tech writer and journalist with more than 17 years experience writing technology-focussed news, blogs, whitepapers, reviews, and ebooks. And his work has featured in online media outlets from all over the world, including Al Jazeera Balkans (where he was a Multimedia Journalist), Crypto News, TechRadar Pro, and IT Pro Portal, where he has written news and features for over five years. Sead's experience also includes writing for inbound marketing, where he creates technology-based content for clients from London to Singapore. Sead is a HubSpot-certified content creator.