At The Identity Organisation, we're here to help!

    Or drop us a mail!

    Your privacy is important to us, and we want to communicate with you in a way which has your consent and which is in line with UK Law on data protection. As a result of a change in UK law on 25th May 2018, by providing us with your personal details you consent to us processing your data in line with current GDPR requirements.

    Here is where you can review our Privacy & GDPR Statement

    To remove consent at any time, please e-mail info@tidorg.com with the word "unsubscribe" as the subject.

    +44 (0) 1628 308038 info@tidorg.com

    Business Email Compromise-as-a-Service Emerges as Attempted Fraud Soars to as High as $6 Million

    BEC Emerges as Attempted Fraud Soars

    BEC scammers set their sights on payoffs in the millions of dollars, and are following the path of their ransomware counterparts by evolving services while organizations struggle to keep up.

    It shouldn’t come as a surprise (if you’ve been following the evolution of cybercrime) that we’re now seeing cybercriminal gangs looking for additional ways to elevate their own work into a service that can be utilized by others. We saw ransomware-as-a-service grow in popularity over the last two years; it should be expected that other types of cybercrime would follow suit.

    In an interview with ZDNet, Deputy Director of Threat Intelligence for Palo Alto’s Unit 42, Jen Miller-Osborn highlights BEC taking the same path as that of Ransomware:

    “Similar to ransomware, we’re seeing an increasing number of attackers getting into BEC, and we’re also seeing it mature into — like Ransomware-as-a-service — BEC-as-a-service. They’re becoming more tech-savvy. They’ve been in the commodity space and are starting to include publicly disclosed vulnerabilities. They’re becoming more professional.”

    According to an analysis of BEC attacks since 2020 by Unit 42, the average wire fraud attempted was $567,000 with the highest at over $6 million. Because these attacks are almost exclusively email-based, Unit 42 offers some best practices for mitigating such attacks, including:

    • Use of multi-factor authentication – both Microsoft and Google offer MFA for their email platforms. Use of MFA would shut down an attacker’s ability to have continual access to a victim account.
    • Disabling Client-Side Forwarding – a trick used by attackers to have sensitive intel found in emails automatically forwarded to them, client-side forwarding can be a source of assistance to the threat actor, making it a focus for possible disabling.
    • Logging and Event Monitoring – watching for unusually high administrative or user activity within email platforms and finance applications can help identify potential fraud.
    • Security Awareness Training – even Unit 42 says “end users are commonly the weakest link in security incidents”. Educating them on phishing tactics, campaigns, and themes helps users instantly spot content designed to trick them into giving up credentials.

    Request A Demo: Security Awareness Training

    products-KB4SAT6-2-1

    New-school Security Awareness Training is critical to enabling you and your IT staff to connect with users and help them make the right security decisions all of the time. This isn’t a one and done deal, continuous training and simulated phishing are both needed to mobilize users as your last line of defense. Request your one-on-one demo of KnowBe4’s security awareness training and simulated phishing platform and see how easy it can be!

    Save My Spot!

    PS: Don’t like to click on redirected buttons? Cut & Paste this link in your browser: https://info.knowbe4.com/one-on-one-demo-partners?partnerid=001a000001lWEoJAAW

    Sign Up to the TIO Intel Alerts!

    Back To Top