CAMPBELL, Calif.—Business email compromise (BEC) attacks—one of the most prevalent types of cyberfraud—are getting much harder to fight, according to one company.
After reviewing 3,000 random BEC attacks from 50 companies, cybersecurity firm Barracuda found that 60% didn't include a phishing link—making these scams more difficult to detect and block.
BEC scams are used to gain access to a business email account and imitate the owner's identity in an effort to defraud a company. The most common BEC scam remains an attempt to get the recipient to make a wire transfer to a bank account owned by the attacker, the Barracuda report shows.
Of these scams, 0.8% of the attackers asked the recipient to send them personally identifiable information (W-2 forms with Social Security numbers), 40% of attackers asked recipients to click a link, and 12% of attackers tried to establish some rapport with the target by starting a conversation.
No Link
The fact that 60% of BEC scams do not involve a link makes these emails "especially difficult for existing email security systems, because they are often sent from legitimate email accounts, tailored to each recipient, and do not contain any suspicious links," Barracuda explained.
Also of note, about 43% of the attackers took on the false identity of the company's CEO or founder, the company found.
Barracuda also provides some tips to avoid becoming a victim of a BEC scam.
