Cybercriminals are getting better at Business Email Compromise (BEC), a new report from Barracuda suggests.
According to the report, while BEC made up just seven percent of all spear-phishing attacks in 2019, it now accounts for 12 percent, which is a significant jump. In terms of the overall threat landscape, email fraud is the most popular practice, with 36 percent of overall attacks linked with email scams.
Further breaking the figures down, the report reveals that 72 percent of all Covid-19-related attacks are classified as phishing. Attackers prefer to use Covid-19 in their less-targeted scamming attacks, Barracuda says, adding that they focus on fake cures and donations.
However, there is a significant difference between BEC and other spear-phishing attacks. While the majority of spear-phishing attempts (71 percent) include a malicious URL, this is the case in just 30 percent of BEC incidents. The report concludes that hackers are most interested in establishing trust with their victims, and they can only do that by engaging in back-and-forth correspondence.
While spear-phishing attacks usually come from email addresses outside the corporate network, in 13 percent of cases they originate from already compromised accounts. For this reason, it’s important for organizations to put as much effort into protecting against internal email traffic as they do into protecting against external senders.
“Cybercriminals adapt very quickly when they find a new tactic or current event that they can exploit, as their response to the COVID-19 pandemic proved only too well,” said Don MacLennan, SVP, Engineering & Product Management, Email Protection at Barracuda.
“Staying aware of the way spear-phishing tactics are evolving will help organizations take the proper precautions to defend against these highly targeted attacks and avoid falling victim to scammers’ latest tricks.”