This week, Cabarrus County, North Carolina, announced that it lost US$1.7 million to a BEC scam after a series of email exchanges that began in November 2018.
The total amount cybercriminals attempted to steal via business email compromise (BEC) scams rose to an alarming average of US$301 million per month — a substantial increase from the US$110 million monthly average that was tracked in 2016.
BEC threat actors are expanding from their traditional enterprise victims toward nonprofit and religious organizations, with a recent incident involving a church.
A business email compromise (BEC) scheme took more than $100 million from Facebook and Google. Legitimate-looking invoices, contracts and more fooled the two tech companies and they wired millions to the fraudsters over a period of years.
Brute-force attacks against user accounts in cloud services prove that multifactor authentication is only one part of an effective multilayered security implementation.
As cybersecurity technology becomes better at detecting email-based threats, attackers continue to employ leveled up social engineering tactics – such as phishing – to increase the likelihood of users falling for fraud, identity theft, or spoofing.