How cyber criminals execute business email compromise attacks

(IANS) Over 90 percent of business email compromise (BEC) attacks take place on weekdays, with many being sent during typical business hours for the targeted organization to make them more convincing, says a new study.

The research by US-based cybersecurity firm Barracuda Networks showed that 85 percent of business email compromise attacks are urgent requests designed to get a fast response.

The average BEC attack targets no more than six employees and 94.5 percent of all attacks target less than 25 people, titled “Spear Phishing: Top Threats and Trends Vol. 3”.

“Attackers continue to find new ways to make business email compromise attacks more convincing, ultimately making them more costly and damaging to businesses,” Don MacLennan, Senior Vice President, Email Protection, Engineering, and Product Management, Barracuda, said in a statement.

“Taking the proper precautions and staying informed about the tactics cybercriminals are using will help organizations defend themselves more effectively against these highly targeted attacks,” MacLennan said.

The report noted that business email compromise makes up a small percentage of spear-phishing attacks, but it has cost businesses more than $26 billion in the past four years, according to the Federal Bureau of Investigation (FBI) in the US.

Business email compromise attacks have high click-thru rates. One in 10 spear-phishing emails successfully tricks a user into clicking. That number triples for BEC attacks that impersonate someone within the organization.

In the past 12 months, the average amount lost per organization due to spear-phishing attacks was $270,000, said the report.

Was it worth reading? Let us know.