On June 14, the FBI once again increased its estimate of exposed losses caused by business email compromise (BEC) attacks, to $3.1B worldwide. The total is staggering, and the rate at which it is growing is just as dramatic: since January 2015, there has been a 1,300% increase in identified exposed losses, with victims in more than 100 countries.
For IT security teams this issue is extremely high profile—it goes straight to the boardroom. Top executives are personally getting spoofed and tend to take the BEC issue even more seriously than the financial impact would dictate. Some are even losing their jobs. It doesn’t matter where in the world you are; your executives are a potential target for this threat.
It’s clear that the success rate of business email compromise, or impostor email, is driving an increase in attack volume. However, because impostor email is highly targeted, only a very small number of messages are sent to any particular company in each attack. Attackers must therefore target a very large number of victim companies while hoping to remain undetected. The FBI believes the number of companies impacted by impostor email is now well over 22,000.
The need to protect organizations, both large and small, from BEC threats has never been greater. It is important that companies combine different techniques covering technology, training and process to maximize the chance of avoiding these attacks. Also, consider using an email security solution that can dynamically identify impostor emails before delivery. To save critical protection time, classification tools must not require administrators to build and maintain lists of users, potential email content and other static items. Dynamic classification offers increased security without increasing management overhead.
For tips on how to combat the BEC threat, please visit https://www.proofpoint.com/uk/threat-reference/business-email-compromise.