Cybercriminals upped their activity against corporations when it comes to email scams. A new Proofpoint report found a 45 percent increase in business email compromise (BEC) attacks during the closing months of 2016.
The extent of BEC activity uncovered by the survey was quite high, with 75 percent of the more than 45,000 companies contacted by Proofpoint reporting at least one BEC incident during the last three months of 2016. Attackers pushed out more sophisticated attacks at a faster rate than the prior year, the report found.
The industries attacked most often from July to December 2016 were manufacturing, retail and technology with Proofpoint researchers speculating that cybercriminals hoped to take advantage of more complex supply chains and SaaS infrastructures that are often used by these companies.
One aspect of the increased sophistication of the attacks included having the malicious actors doing their homework and creating campaigns targeted at specific companies and personnel. This extra legwork resulted in two-thirds of the emails using a domain spoofed from the targeted company and being sent by a familiar name, thus making the email appear even more realistic to an unwary recipient.
Not only is a well-known name being used, the spearphishers have also moved beyond attempting to just spoof senior executives; for example, sending a CFO an email purportedly from the CEO.
Most emails were sent to accounts payable, for wire transfer fraud attempts; to human resources for confidential tax information and identities; and to engineering for intellectual property theft, the survey said.
Careful consideration was also given to the subject lines, with the terms most often used being: urgent, at 30 percent; payment, at 21 percent; and request, at 21 percent, .
Proofpoint also found there was no preference shown on the part of the attacker when it came to hitting a large or small company. The study noted an interesting fact about the size of the target: Larger companies were less likely to fall for the scam due to being more cybersecurity savvy, but a successful attack did pay higher dividends. While the opposite was true of smaller firms.
