
Why business email compromise still tops ransomware for total losses

While businesses are busy trying to protect themselves against ransomware attacks that spark headline news, threat actors are sticking to one of the oldest and most effective hacking techniques—business email compromise (BEC).

Enterprise security has skewed toward ransomware in recent years, but FBI data highlights that enterprises in aggregate are losing 51 times more money through BEC attacks. In 2021, BEC attacks in the US caused total losses of $2.4 billion, a 39% increase from 2020. In contrast, companies in the US lost only $49.2 million to ransomware in the same period.

While the average financial loss from a BEC scam is much lower than the average ransom requested in a ransomware attack, email compromises are technically easier to implement. The result is that business email compromises far outnumber ransomware attacks.

Business email compromise arises when criminals access the email account of an otherwise trustworthy employee, says Paul Ducklin, principal research scientist at Sophos. “The problem here, unlike traditional phishing attacks, is obvious: the fake messages devised by the crooks actually do come from that employee’s real email account. Worse still, the crooks get to read that person’s messages before they do, so that if you send an email to query strange requests that they make, or even to ask them outright if they are in control of their account, then the crooks simply delete those messages and reply in a reassuring way. As a result, the true recipient never sees the warning signs, and you never find out the truth.”

In 2021, the FBI’s Internet Crime Center received 19,954 BEC complaints. It initiated action on 1,726 BEC complaints involving domestic-to-domestic transactions with potential losses of $443 million. A hold was placed on approximately $329 million—typically by identifying and freezing the bank account used by the hackers, so that no money can be withdrawn.

Ransomware continues to overshadow BEC attacks

If BEC attacks are indeed so widespread, the obvious question is why we don’t hear about them more often. One of the reasons is that businesses rarely report such attacks. 

Copyright © 2022 IDG Communications, Inc.
