Digital Forensics Dispatch

Digital Forensics Blog
by Sensei Enterprises, Inc.

Business Email Compromise (BEC) Threat Identified as the Most Common Threat Vector

July 1, 2021

CISOMAG reports that business email compromise (BEC) attacks have become the most common email threats. This type of attack is when a threat actor steals the credentials of targeted business email accounts and uses them later to launch phishing or social engineering campaigns on unknowing employees. CISOMAG cites the 2021 Business Email Compromise Report (download required) from GreatHorn.

The report notes that the most common types of BEC attacks are spoofed email accounts at 71% and spear phishing at 69%. In 49% of BEC attacks, the threat actors are spoofing an identity in the email’s display name to make the email look like it is coming from a trusted source. In the spear phishing emails, 68% were using the company’s name, 66% were using an individual’s name, and 53% were using a boss or manager’s name to trick employees into following the instructions.

Of the surveyed IT security pros, 65% of them state that in 2021 their organization experienced spear phishing. CISOMAG reports that “[the] report is based on the responses of 270 IT and cybersecurity professionals in the U.S., involved in fighting against BEC attacks and related email threats.”

Email:    Phone: 703.359.0700
Digital Forensics/Cybersecurity/Information Technology