Industry Updates

Large Increase In Business Email Hacking Incidents

Given the rate of increase in the number of hacking attacks, it was predicted early on that 2018 would be another record setting year. That came with more hack attempts and more successful attacks than were seen in 2017.  Sadly, that prediction proved to be correct.

What few people had anticipated, however, was how big of an increase we’d see.

While the number of attacks generally increased throughout 2018, few areas saw more explosive growth than BEC, which stands for Business Email Compromise attacks.  Those hacks accounted for a mind-boggling 476 percent surge between the fourth quarter of 2017 and the fourth quarter of 2018.  To give that number some context, by comparison, the number of email fraud attempts against businesses also increased by by just 226 percent over the same period, which while staggering, is paltry by comparison.

BEC attacks therefore win the dubious honor of being the fastest growing security risk on the current threat matrix, and the most likely type of attack that businesses are likely to experience.

These are, at their core, social engineering attacks that target specific employees of a firm, typically in the company’s finance department.  The goal is to convince them that they’re dealing with a vendor the company regularly does business with and convince them to send large sums of money. This is typically via wire transfer to accounts that, at first glance, appear to be legitimate vendor accounts, but which of course are controlled by the attackers.

While less sophisticated attacks rely on poisoned files or URLs to do their damage, these attacks rely on trust and psychology.  As such, they’re significantly more difficult to spot, which is one of the many reasons they can be so devastating.  By the time the victims realize what has happened, it’s far too late.

Vigilance is the only real way to combat this form of attack, so be sure your employees understand the risks and that they are are on their guard. Lastly, verify any significant transfer of funds in person.  Better to be safe than sorry.