August 9, 2023
Today, we are going to delve into a crucial topic in cybersecurity: BEC phishing, also known as Business Email Compromise phishing, and the close link of this attack method with identity impersonation. These two sophisticated attack methods have gained popularity in recent years due to their ability to deceive even the most vigilant users, resulting in significant financial and data losses for the organizations falling victim to them.
BEC phishing is an advanced form of phishing attack that specifically targets businesses and organizations. Unlike traditional phishing attacks, where cybercriminals mass-send phishing emails to a large number of targets, BEC phishing focuses on social engineering and manipulation to target specific individuals within an organization.
The way hackers are operating in such attack is as follows:
urbank
domain name.
BEC-type attacks have witnessed a substantial increase both in terms of volume and financial impact. For instance, according to the annual report by the online security platform "Proofpoint," BEC attacks have grown by an average of 80% each year between 2016 and now. Source: Proofpoint 2023 State of the Phish Report.
Furthermore, the FBI has reported a significant rise in financial losses associated with BEC attacks. According to the FBI's Internet Crime Complaint Center (IC3) report, global financial losses due to BEC attacks exceeded 26 billion dollars since 2016. Source : FBI IC3 2023 Internet Crime Report.
More details on these trends are available in our blog article 2023 will be on the rise in terms of phishing attacks!.
Business Email Compromise (BEC) phishing and identity theft are closely intertwined, as identity theft serves as the foundational strategy to effectively carry out BEC attacks. The fusion of social engineering, customization, and psychological manipulation within the realm of BEC phishing makes the attacks more persuasive and harder to detect, thereby escalating the risks for targeted businesses and individuals.
These types of attacks pose a significant danger to businesses due to their sophistication, precise targeting, and ability to exploit human vulnerabilities. It is imperative for companies to establish prevention strategies and enhance verification protocols. By combining robust security technology with a proactive cybersecurity culture, organizations can better defend themselves against this rapidly growing threat.
Learn more on how LetzRelay-MX can help your organization be secured with Internet inbound emails and be protected against these types of attacks.