Business Email Compromise

The total amount cybercriminals attempted to steal via business email compromise (BEC) scams rose to an alarming average of US$301 million per month — a substantial increase from the US$110 million monthly average that was tracked in 2016.

The government of the City of Griffin, Georgia, lost over US$800,000 to a business email compromise (BEC) scam last month.

BEC threat actors are expanding from their traditional enterprise victims toward nonprofit and religious organizations, with a recent incident involving a church.

A new business email compromise (BEC) scheme, where attacker tricks the recipients into rerouting paychecks by direct deposit, has emerged.

The threat actor London Blue has been refining its BEC techniques and expanding its scope for both targets and regions.

A business email compromise (BEC) scheme took more than $100 million from Facebook and Google. Legitimate-looking invoices, contracts and more fooled the two tech companies and they wired millions to the fraudsters over a period of years.

Brute-force attacks against user accounts in cloud services prove that multifactor authentication is only one part of an effective multilayered security implementation.

As cybersecurity technology becomes better at detecting email-based threats, attackers continue to employ leveled up social engineering tactics – such as phishing – to increase the likelihood of users falling for fraud, identity theft, or spoofing.

To provide organizations a comprehensive view of the email threat landscape, we look at notable occurrences of advanced email threats used by cybercriminals as well as advanced security techniques that can effectively defend against them.