Business Email Compromise Continues to Rise

A report recently authored by Proofpoint has delivered some staggering findings for businesses.

Between Q4 2017 and Q4 2018, there was an explosive 476% growth in business email compromise attacks, while the number of email fraud attempts against companies increased 226% QoQ.

Business email compromise (BEC) is a form of email fraud. Typically it involves targeting employees with access to company finances and using social engineering to trick them into making money transfers to the bank accounts of the fraudster. Often email spoofing is used to create an email pretending to be from the CEO or a trusted customer.

According to recent reports, businesses of all shapes and sizes are coming under increasing attack from hackers around the world.

Now we have hard data that shows us exactly how big of an increase we’re seeing.

Here are some of the key findings in the report:

  • Ransomware dropped even further in Q4 to just one-tenth of 1% of overall malicious message volume.
  • Malicious messages bearing credential stealers or downloaders collectively jumped more than 230% year over year.
  • In Q4, we still observed a 150% increase in social engineering detections on our worldwide network of IDS sensors; while this is a slower growth rate than observed in previous quarters, it continues to demonstrate a trend towards social engineering even as EK activity has remained low.
  • Banking Trojans remain the top email-borne threat in Q4, making up 56% of all malicious payloads in Q4; Emotet comprised 76% of all banking Trojan payloads.
  • Remote access Trojans accounted for 8.4% of all malicious payloads in Q4 and 5.2% for the year, marking a significant change from previous years in which they were rarely used by crimeware actors.

Proofpoint's top recommendations from the threat report are the following:

  • Assume users will click. Social engineering is increasingly the most popular way to launch email attacks, and criminals continue to find new ways to exploit the human factor. Leverage a solution that identifies and quarantines both inbound email threats targeting employees and outbound threats targeting customers before they reach the inbox.
  • Build a robust email fraud defence. Highly targeted, low-volume business email compromise scams often have no payload at all and are thus difficult to detect. Invest in a solution that has dynamic classification capabilities that you can use to build quarantine and blocking policies.
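
Because payload-less BEC messages give a scanner nothing to detonate, classification has to work from the headers. The sketch below is an added example, not code from the Proofpoint report or any product; the organisation domain, executive name, indicator labels and sample messages are all constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

# Hypothetical values: the organisation's own domain and the executive
# names an impersonator is likely to borrow.
ORG_DOMAIN = "example.com"
EXECUTIVES = {"jane doe"}

def bec_indicators(raw_message):
    """Return the header-level BEC indicators found in one raw message."""
    msg = message_from_string(raw_message)
    display, from_addr = parseaddr(msg.get("From", ""))
    from_domain = from_addr.rpartition("@")[2].lower()
    _, reply_addr = parseaddr(msg.get("Reply-To", ""))
    reply_domain = reply_addr.rpartition("@")[2].lower()
    # Assumes the Authentication-Results header was stamped by your own gateway.
    auth = " ".join(msg.get_all("Authentication-Results", [])).lower()
    hits = []
    # An executive's display name on an address outside the organisation.
    if " ".join(display.lower().split()) in EXECUTIVES and from_domain != ORG_DOMAIN:
        hits.append("exec-display-name-external")
    # Replies diverted to a different domain than the visible sender's.
    if reply_addr and reply_domain != from_domain:
        hits.append("reply-to-domain-mismatch")
    # The gateway recorded a DMARC failure for the From domain.
    if "dmarc=fail" in auth:
        hits.append("dmarc-fail")
    return hits

# Constructed sample messages (not real traffic).
DISPLAY_NAME_SPOOF = (
    'From: "Jane Doe" <jd.office@mailbox.test>\n'
    "Authentication-Results: mx.example.com; dmarc=pass header.from=mailbox.test\n"
    "Subject: Urgent wire transfer\n\nAre you at your desk?\n"
)
EXACT_DOMAIN_SPOOF = (
    'From: "Jane Doe" <jane.doe@example.com>\n'
    "Reply-To: jane.doe@mailbox.test\n"
    "Authentication-Results: mx.example.com; dmarc=fail header.from=example.com\n"
    "Subject: Invoice payment today\n\nPlease process the attached details.\n"
)
LEGITIMATE = (
    'From: "Jane Doe" <jane.doe@example.com>\n'
    "Authentication-Results: mx.example.com; dmarc=pass header.from=example.com\n"
    "Subject: Quarterly review\n\nAgenda to follow.\n"
)

if __name__ == "__main__":
    for name in ("DISPLAY_NAME_SPOOF", "EXACT_DOMAIN_SPOOF", "LEGITIMATE"):
        print(name, bec_indicators(globals()[name]))
```

Any single indicator is a reason to quarantine for review rather than block outright, since legitimate mail from personal accounts or mailing services can trip the first two checks.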