Business Email Compromise (BEC) attacks can deliver a fatal blow to an organization’s cybersecurity plan. Social engineering lures are gaining popularity among attackers and are leading to more successful phishing campaigns. Alongside these developments, a new type of attack is doing the rounds that organizations and end-users alike need to understand.
The new attack –
Scammers are targeting investors to earn seven times more money than a typical BEC scam. Wall Street investors are the targets of a new campaign that delivers fake capital call notices requesting payment for counterfeit investments.
Statistics –
- In a normal BEC attack, the average target payout is $72,000; for fake capital call notices it rises to $809,000.
- Payroll diversion scams have increased by 333% since July last year.
- Along with vaccine-related phishing scams, BEC attacks surged by 26% in just three months, between October 2020 and January 2021.
- From Q1 to Q2 2020, the average loss increased by 48%, even though BEC detection increased by 18% year over year (YOY).
Observed Trends –
- A huge surge has been seen in BEC attacks requesting aging accounts receivable reports from targeted employees. The Ancient Tortoise threat actor is credited with the majority of these attacks, but other groups employing other tactics have popped up too.
- Attempts have also been observed to trick employees into making funds transfers: scammers impersonate employees getting vaccines, or HR managers requesting funds for non-existent vaccines.
Staying Safe –
- Use eScan’s Multi-Factor Authentication on all accounts.
- Invest in security layers designed to protect against BEC attacks.
- For all outgoing payment requests, have a formal process in place and confirm the request by directly calling the investment firm.
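The lure themes listed under Observed Trends (fake capital call notices, requests for aging accounts receivable reports, payroll diversion, vaccine-related funds requests) and the callback step under Staying Safe can be tied together in a mail triage rule. The following is an added example written for this post, not eScan's code or product logic: it scores inbound messages against those themes, treats an internal display name on an external address as the impersonation pattern described above, and routes matching finance requests to a "hold for callback" queue so the formal payment-confirmation process runs before any transfer. The internal domain, the impersonation-target names, the regexes, the thresholds and all sample messages are assumptions constructed for the example; the `.invalid` domains are placeholders.

```python
import re
from dataclasses import dataclass

# Assumptions (not from the post): the organization's own mail domain and the
# display names scammers are most likely to borrow (finance lead, HR).
INTERNAL_DOMAINS = {"example.com"}
IMPERSONATION_TARGETS = {"dana cho", "hr department"}

# Lure themes named in the post: fake capital call notices, requests for aging
# accounts-receivable reports, payroll diversion and vaccine-related funds requests.
THEMES = {
    "capital_call": re.compile(r"\bcapital\s+call\b", re.I),
    "aging_report": re.compile(r"\baging\b[^\n]{0,40}?\b(receivables?|a/?r)\b", re.I),
    "payroll_diversion": re.compile(
        r"\b(direct\s+deposit|payroll)\b[^\n]{0,60}?\b(update|change|new account)\b", re.I),
    "vaccine_funds": re.compile(r"\bvaccin(?:e|ation)s?\b", re.I),
}
PAYMENT = re.compile(r"\b(?:wire|transfer|remit(?:tance)?|payment|funds)\b", re.I)
URGENCY = re.compile(r"\b(?:urgent(?:ly)?|immediately|asap|today|end of day|eod)\b", re.I)


@dataclass
class Message:
    sender: str        # From address; assumed to have passed SPF/DKIM/DMARC checks upstream
    display_name: str  # From header display name
    subject: str
    body: str


def sender_domain(addr: str) -> str:
    return addr.rsplit("@", 1)[-1].lower()


def triage(msg: Message) -> dict:
    """Score one message against the post's BEC lure themes and decide a route."""
    text = f"{msg.subject}\n{msg.body}"
    themes = [name for name, rx in THEMES.items() if rx.search(text)]
    external = sender_domain(msg.sender) not in INTERNAL_DOMAINS
    # An internal name on an external address is the impersonation pattern the post describes.
    impersonation = external and msg.display_name.strip().lower() in IMPERSONATION_TARGETS
    asks_for_money = bool(PAYMENT.search(text))
    urgent = bool(URGENCY.search(text))
    score = len(themes) + external + impersonation + asks_for_money + urgent
    if external and themes:
        action = "hold_for_callback"   # the post's formal process: confirm by phone before paying
    elif score >= 3:
        action = "review"
    else:
        action = "deliver"
    return {"themes": themes, "external": external, "impersonation": impersonation,
            "asks_for_money": asks_for_money, "urgent": urgent, "score": score, "action": action}


def held_subjects(messages):
    """Subjects that must wait for out-of-band confirmation before any payment."""
    return [m.subject for m in messages if triage(m)["action"] == "hold_for_callback"]


# Constructed sample messages (not real mail); domains are placeholders.
SAMPLES = [
    Message("notices@fund-capital.invalid", "Example Capital Partners",
            "Capital Call Notice - Fund III",
            "Please wire your pro rata contribution of $250,000 by Friday. Updated bank details attached."),
    Message("dana.cho@example.com", "Dana Cho",
            "Q2 aging receivables report",
            "Attached is the aging receivables report for the board pack."),
    Message("dana.cho@webmail.invalid", "Dana Cho",
            "Direct deposit update",
            "Can you change my direct deposit to the new account before payroll runs today?"),
    Message("hr-team@payments-portal.invalid", "HR Department",
            "Vaccination funds",
            "All employees must transfer $50 today to reserve a vaccine slot; details below."),
    Message("news@vendor.invalid", "Vendor News",
            "Product update",
            "Our new release is available now."),
]

if __name__ == "__main__":
    for m in SAMPLES:
        print(f"{triage(m)['action']:18} {m.subject}")
```

The rule deliberately keeps the internal aging-report message on the normal path (the theme alone is not suspicious when the sender is inside the organization) and only holds external finance-themed mail; the "external" signal is only as good as the authentication results the mail gateway applied before this step, so in practice it should be fed by DMARC-verified headers rather than the raw From address.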
With the increasing sophistication that threat actors are showing in their attacks, the SolarWinds hacks seem to be just a warm-up. Their success rate against most of the defenses set against them is very high. BEC scams are still among the primary attack vectors for entering a network and giving cybercriminals the foothold required to cause further damage to the victim's operations. Consequently, our internal experts advise organizations to adopt a multi-layered security approach.
To read more, please check eScan Blog