Search here...
SUBSCRIBE
Security

How Business Email Compromise Attacks Threaten Organizations

Share post:

TND News Desk
TND News Desk
1 min.

Email is one of the most important tools used by cybercriminals to launch attacks against organizations.

A particular tactic often used by criminals is the Business Email Compromise (BEC), where the fraudster forges a trusted contact to defraud a business.

The “The 2021 Business Email Compromise Report” by security provider GreatHorn focuses on the latest BEC campaigns. Based on an online survey of 270 IT and cybersecurity experts in the U.S. from May 2021, the report highlighted various trends, challenges and gaps in the fight against BEC attacks and related email threats.

71% of respondents pointed to BEC attacks that manipulate e-mail accounts or websites.

69% cited spear-phishing, which targets specific individuals or roles in an organization, with the most targeted department funded, followed by the CEO and then the IT group.

Other susceptible departments include HR, marketing and sales.

Another 24% cited malware, in particular, emails containing malicious files or other content.

The survey also revealed an increase in spear-phishing attacks.

65% of respondents said their organization will be affected by these types of attacks in 2021, while 39% of respondents said they now experience spear phishing attempts weeklyly.

Malicious emails remain a threat: one in four respondents said that 76% to 100% of the malware they receive is sent by email.

57% of these malicious links are used to steal internal account data, often from C-suite executives and financial employees. Such links also aim to install malware as a setup for ransomware and payment fraud.

43% of respondents said they had been affected by a security incident in the last 12 months, with many citing BEC and phishing attacks as the source.

As a result, 36% reported that accounts were compromised, 24% that malware was installed, 16% that company data was lost, and 16% reported payment fraud.

Here are some ways to avoid BEC attacks:

  • Focus on defense in depth and not one-stop “anti-phishing” solutions.
  • Identify malicious links in emails.

For more information, read the original story in TechRepublic.

TND News Desk
TND News Desk

Featured Tech Jobs

SUBSCRIBE NOW

Related articles

Podcasts

Cyber Security Today, Week in Review for week ending Friday, April 26, 2024

This episode features a discussion on the latest in the Change Healthcare ransomware attack, a vulnerability in an abandoned Apache open source project, the next step in Canada's proposed critical infrastructure cybersecurity law and the future
Podcasts

Cyber Security Today, April 26, 2024 – Patch warnings for Cisco ASA gateways and a WordPress plugin

This episode reports on the malicious plugin worm that refuses to die
Podcasts

Cyber Security Today, April 24, 2024 – Good news/bad news in Mandiant report, UnitedHealth admits paying a ransomware gang, and more

This episode reports on the danger of using expired open-source packages, a tool used by a Russian hacking group and passw
Mobility

Google Play introduces new biometric verification with a user warning

Google has recently announced updates to the biometric verification process for Google Play purchases, aiming to bolster security...

Become a member

New, Relevant Tech Stories. Our article selection is done by industry professionals. Our writers summarize them to give you the key takeaways

Subscribe Now

Tech News Day is a daily publication featuring key news stories about technology and how it affects businesses.

Most Popular Categoires

Tech News Delivered

New, Relevant Tech Stories. Our selection is done by industry professionals - executives like you who pick the top stories for that day. Our writers summarize them to give you the key takeaways

SUBSCRIBE NOW

© TechNewsDay