Ride the Lightning

Cybersecurity and Future of Law Practice Blog
by Sharon D. Nelson Esq., President of Sensei Enterprises, Inc.

Mimecast Report: 80% Increase In Business Email Compromise Attacks

September 20, 2018

The recently released Mimecast Email Security Risk Assessment report shows that BEC (business email compromise) attacks have increased by 80% in the past quarter. That is a very short time for such a large increase, but it mirrors what we are seeing.

BEC scams target organizations, trying to compromise a victim's email account and obtain personal data, payroll information, or funds. Attackers often pose as senior executives or CEOs to trick the victim and gain access. CEOs are impersonated so frequently that these attacks are often called "CEO fraud."

A key finding from the report was that more than 200,000 malicious links were found in 10 million 'safe' emails, averaging 1 malicious link in every 50 emails that were deemed 'safe' by email security systems.

Matthew Gardiner, cybersecurity strategist at Mimecast, was quoted as saying, "Our latest quarterly analysis saw a continued attacker focus on impersonation attacks quarter-on-quarter. These are difficult attacks to identify without specialized security capabilities, and this testing shows that commonly used systems aren't doing a good job catching them."

Why are they so hard to catch? Most of them do NOT have malicious links. Their success depends on convincing the email recipient that he/she is communicating with, for instance, the CEO, who then directs the recipient to wire funds or send out company W-2s or other confidential data.

While technology can help, it is imperative to train employees about BECs and to make sure they confirm wiring instructions, or an order to send out highly confidential data, in person with the supposed sender or by phone at the number known to be the sender's number (not a number given in the email!).

Phone: 703-359-0700
Digital Forensics/Information Security/Information Technology