Business Email Compromise is a multi-billion dollar business, representing 43% of all cybercrime last year. Despite it being dwarfed in the news by ransomware, it represents a growing threat.
We’ve seen recent rises in BEC activity – along with a number of other cyberattacks – in both frequency and cost. But BEC tends to get lost in the shuffle, particularly when ransomware news features ransoms in the millions of dollars and seems to break every day. BEC is just as impactful a cyberattack and, from the latest data, seems to be happening quite frequently.
Keep in mind that most BEC attacks are limited in scope to the one and only CFO in your organization or a small group of individuals in the finance department. The good news is that as the organization grows, the number of BEC attacks won’t necessarily increase. The bad news is that threat actors only need to focus on a few people to be successful.
In addition to enterprises having a high probability of attack, according to Abnormal Security’s Q3 2021 Email Threat Report, businesses of every size are at risk:
- Small organizations under 500 employees have a 42% probability of receiving a BEC attack each week
- Mid-sized organizations, a 60-70% chance
Part of this growth is the expansion in operational methods used by cybercriminal groups seen on the dark web. Posts on cybercrime forums have been spotted that attempt to recruit or outsource functions related to BEC scams – particularly those looking for native-English speakers to help improve the credibility and efficacy of social engineering elements in BEC attacks.
Because BEC relies heavily on social engineering and on spoofing companies, domains, and/or individuals, putting employees through Security Awareness Training is an effective way to minimize the threat surface of phishing attacks and stop BEC attacks before they have an opportunity to make an organization a victim.
Can hackers spoof an email address of your own domain?
Are you aware that one of the first things hackers try is to see if they can spoof the email address of your CEO? If they are able to commit “CEO Fraud”, penetrating your network is like taking candy from a baby.
Once they can spoof that address, they can launch a “CEO fraud” spear phishing attack on your organization, and that type of attack is very hard to defend against unless your users have had thorough security awareness training.
Find out now if your domain can be spoofed. The Domain Spoof Test (DST) is a one-time free service. Run this test so you can address any mail server configuration issues that are found.
PS: Don’t like to click on redirected buttons? Cut & Paste this link in your browser: https://info.knowbe4.com/domain-spoof-test-partner?partnerid=001a000001lWEoJAAW