Business Email Compromise

Business Email Compromise and Ransonware

According to the 2017 Global Threat Intelligence Report by NTT Security, Business Email Compromise (BEC) cost businesses far more per incident than ransomware. In 2016, The FBI’s Internet Crime Complaint Center reported losses to BEC scams at nearly 3.1 billion dollars. Losses are now projected to exceed 9 billion dollars. With world-wide cybersecurity spending projected in excess of 95 billion dollars, it’s a wonder how this unsophisticated threat is causing so much pain in the pocket-book. It’s important to note that most users don’t understand how common these attacks are and the financial impact they have. Unlike malware attacks, BEC scams rely mainly on social engineering, deception, and psychological manipulation to trick end-users. Cybercriminals study their targets, are able to identify the individuals responsible for financial transactions, and are able to mimic policies and protocols necessary to perform financial transactions. Most attacks are carried out using spoofed or hacked emails from known users with content mimicking a legitimate request. Since most network security solutions are designed to detect malware and malicious links in email, these threats are making it directly into end-user mailboxes and leaving what happens next in the hands of, sometimes naive, email recipients. Because these attacks rely primarily on exploiting human emotions, end-users need to play a vital role in defending against them. End-user awareness and education are keys to creating a culture of caution and preventing these attacks.