While ransomware is the cyberattack most feared by businesses, another form of cybercrime is slipping under the radar, one that is proving highly lucrative for internet fraudsters – and costly to business.
A business email compromise (BEC) attack sees cyber criminals use social engineering to trick an employee at a business into transferring a large sum of money to an account controlled by the crooks.
Often these messages pretend to be from someone the victim knows, such as their boss, a colleague or another known and trusted business contact. The attackers can steal hundreds of thousands of dollars just by sending a few emails – and by the time the victim has realized they’ve been duped by cyber criminals, it’s too late.
nd while ransomware is the most high profile form of cybercrime targeting businesses, it’s BEC scams that are the most financially damaging.
“When you look at some of the data that’s come out comparing business email compromise to things like ransomware, business email compromise by far comprises the most amount of financial loss for businesses, all over the world,” Crane Hassold, senior director of threat research at Agari, told ZDNet’s Security Update video series.
The FBI lists BEC as the cybercrime with the highest amount of reported losses, accounting for $1.77 billion in losses during 2019 alone. The losses as a result of ransomware over the same period account for a small amount in comparison $9 million dollars (although more recent ransomware numbers will be significantly higher).
“So while ransomware, gets all the news, it’s nothing compared to the amount of loss that’s caused by business email compromise,” said Hassold.
The lucrative nature of BEC scams is even pushing some cyber-criminal operations away from malware and ransomware attacks and towards wire-transfer fraud. One of these is a Russian-based hacking group that Agari identifies as Cosmic Lynx – they used to distribute malware attacks, but now they’re making much more money with phishing and email fraud.
“What we’ve seen over the past few years is that the cyber criminals have realized that their more technically sophisticated attacks have become less successful. And so what the cyber criminals have done is they’ve become less technically sophisticated in their attacks,” said Hassold.
“Thinking about this as a business from an overhead perspective, there’s not really much behind the scenes with a BEC attack, and so the amount of profit you’re able to make from those attacks is significantly higher,” he added.
One of the reasons BEC is so successful is because the nature of doing business online means actions often need to be taken quickly – and with more people working remotely than ever before, checking to see if that email really came from your colleague is more difficult.
However, if an organisation sets up business processes that have to be followed and approval is needed from multiple people in order to send a wire transfer, it could go a long way to preventing BEC attacks.
“If there’s an established process for wire transfer and for wire-transfer requests, then a lot of BEC attacks would be stopped,” Hassold said.