skip to Main Content

At The Identity Organisation, we're here to help!

    Your privacy is important to us, and we want to communicate with you in a way which has your consent and which is in line with UK Law on data protection. As a result of a change in UK law on 25th May 2018, by providing us with your personal details you consent to us processing your data in line with current GDPR requirements.

    Here is where you can review our Privacy & GDPR Statement

    To remove consent at any time, please e-mail info@tidorg.com with the word "unsubscribe" as the subject.

    +44 (0) 1628 308038 info@tidorg.com

    Enterprise Organizations Have as Much as an 85% Chance of Receiving a BEC Attack Every Week

    Enterprise BEC Attack

    Business Email Compromise is a multi-billion dollar business, representing 43% of all cybercrime last year. Despite it being dwarfed in the news by ransomware, it represents a growing threat.

    We’ve seen recent rises in BEC activity – along with a number of other cyberattacks – in both frequency and cost. But BEC tends to get lost in the shuffle; particularly when ransomware news has ransoms in the millions of dollars and seems to happen every day. But BEC is just as impactful a cyberattack and, from the latest data, seems to be happening quite frequently.

    Keep in mind that most BEC attacks are limited in scope to the one and only CFO in your organization or a small group of individuals in the finance department. The good news is as the organization grows, the number of BEC attacks won’t necessarily increase. The bad news is that threat actors only need to focus on a few people to be successful.

    In addition to enterprises having a high probability of attack, according to Abnormal Security’s Q3 2021 Email Threat Report, businesses of every size are at risk:

    • Small organizations under 500 employees have a 42% probability of receiving a BEC attack each week
    • Mid-sized organizations, a 60-70% chance

    Part of this growth is the expansion in operational methods used by cybercriminal groups seen on the dark web. Posts on cybercrime forums have been spotted that attempt to recruit or outsource functions related to BEC scams – particularly those looking for native-English speakers to help improve the credibility and efficacy of social engineering elements in BEC attacks.

    Because BEC relies pretty heavily on social engineering and spoofing companies, domains, and/or an individual, putting employees through Security Awareness Training is an effective way to minimize the threat surface of phishing attacks and stop BEC attacks before they have an opportunity to make an organization a victim.


    Can hackers spoof an email address of your own domain?

    DST

    Are you aware that one of the first things hackers try is to see if they can spoof the email address of your CEO? If they are able to commit “CEO Fraud”, penetrating your network is like taking candy from a baby.

    Now they can launch a “CEO fraud” spear phishing attack on your organization, and that type of attack is very hard to defend against, unless your users are highly ‘security awareness’ trained.

    Find out now if your domain can be spoofed. The Domain Spoof Test (DST) is a one-time free service. Run this test so you can address any mail server configuration issues that are found.

    PS: Don’t like to click on redirected buttons? Cut & Paste this link in your browser: https://info.knowbe4.com/domain-spoof-test-partner?partnerid=001a000001lWEoJAAW

    close

    Sign Up to the TIO Intel Alerts!

    Back To Top