85% of Organizations Targeted By At Least One Business Email Compromise (BEC) Attack in Q1 2017, Up 10% from Q4 2016

June 14, 2017
Ryan Terry

Business email compromise (BEC) threats maliciously spoof trusted relationships – such as executives or business partners – to trick people within an organization into sending money or sensitive information to the attacker.  BEC is on the rise and is having a significant impact on its victims. Through extensive research conducted over thousands of our enterprise customers, Proofpoint found that 75% of organizations were targeted by these attacks in Q4 2016 and new findings show that number jumped 10% in Q1 2017. In May of this year, the FBI reported more than $5.3B in losses due to BEC – impacting more than 40,000 organizations around the world. And based on the additional Q1 2017 research findings, there are no signs of this threat slowing down.

BEC is a big challenge

In the first three months of this year, nearly 85% of organizations were targeted by at least one BEC message. That is a 13% increase from the previous quarter. We’re not only seeing an increase in the number of organizations being targeted, but we’re also seeing a rise in the number of malicious messages aimed at these organizations. On average, attackers are now spoofing four people per organization and the number of people targeted has increased by 50%. Because BEC attacks are successfully carried out through a low volume, highly targeted approach, these increases demonstrate the growing concern around this problem.

All companies are at risk

BEC actors consistently target companies of all sizes and in all geographical locations. Our research indicates no correlation between the size of the company and the number of BEC messages directed at them. Every industry vertical is at risk, but technology companies and companies with more complex supply chains (e.g. manufacturing), are targeted more frequently with an average of more than 40 BEC attempts per organization.

Cybercriminals are becoming more sophisticated

BEC attackers are proving to be relentless in their efforts to reach the targeted victims. They use various tactics and techniques to evade detection and trick people within organizations. While most impostor emails involve wire transfer fraud, we saw a 3,400% spike in W2 scams in the first quarter of 2017 as the U.S. tax year came to an end. BEC actors also take on different personality types to encourage urgency and increase the appearance of legitimacy. For example, in Q1 2017, 8% of BEC messages included a fake email chain and false approvers in an effort to make the scam more believable.

And in terms of spoofing techniques, domain-spoofing still leads the pack and accounts for more than half of all BEC messages. This technique makes the email appear to be coming from within the organization or from a trusted partner, when in reality, it’s coming from a criminal. This technique is followed by display name spoofing (45% of BEC attacks), lookalike domain spoofing, and partner spoofing techniques.

Learn more

To learn more about the BEC threat landscape, read the full Business Email Compromise Quarterly Update here: https://www.proofpoint.com/sites/default/files/pfpt-us-ds-bec-quarterly-update.pdf

For more information about how to protect yourself from BEC attacks, visit our BEC site here: www.proofpoint.com/BEC