Report Shows Pressing Danger of BEC Attacks
In its Email Fraud Threat Report: Year in Review 2017, Proofpoint (Wombat’s parent company) highlights the rise of business email compromise (BEC) attacks during the course of 2017. The report draws from analysis of more than 160 billion emails sent to more than 2,400 organizations across 150 countries. Following are some of the key findings related to these specialized phishing attack patterns:
More Organizations Were Targeted More Frequently Than in 2016
- 8% of companies faced at least one email fraud attack in Q4 2017, compared to 75% in Q4 2016.
- Organizations received, on average, 18.5 BEC attacks per quarter in 2017, a year-over-year increase of 17%.
- Q3 and Q4 of 2017 were two of the three highest-volume quarters Proofpoint has ever recorded for email fraud.
Attackers Are Targeting More Roles Within Organizations
- 47% of organizations saw more than five identities spoofed in Q4 2017, nearly double that of Q3 2017.
- On average, about 13 individuals within a given organization were targeted in BEC attacks in Q4 2017.
- Attackers are more regularly moving beyond CEO-to-CFO spoofing to target business groups like HR and accounts payable.
Attackers Don’t Discriminate Based on Business Size or Industry
- Proofpoint researchers saw “almost no connection between company size and how often it is targeted by email fraud.”
- Though organizations in the financial services, manufacturing, healthcare, and energy/utility sectors face a slightly higher frequency of attacks, researchers “saw a mostly uniform spread of email fraud attempts across industries.”
Subject Lines and Tactics Are Becoming More Varied
- “Payment,” “request,” and “urgent” remain the most popular keywords in the subject lines of fraudulent emails, but Proofpoint saw a 1,850% increase from 2016 to 2017 in BEC attacks that took a “legal” angle.
- More than 11% of email fraud attacks in Q4 2017 used some form of email history fabrication (i.e., they included a “Re:” or “Fwd:” in the subject line, a fabricated reply history, or both).
Spoofed Domains and Display Names Were Leading Attack Techniques
- 93% of organizations were targeted by at least one domain-spoofing attack in 2017.
- 40% of BEC attacks in Q4 2017 featured display-name spoofing via web-based email services, with aol.com and gmail.com being the most commonly utilized sending domains.
Additional Insights Are Available in the Report
For more details about the report’s findings — including statistics related to wire-transfer fraud, tax-related scams, and lookalike-domain spoofing — download a copy of the Email Fraud Threat Report
Our mission to protect our clients from security risks drives us to look beyond the statistics and figures to the people and forces behind them. We seek to understand not only what the attacks are and where they come from but also who is doing the attacking, why, how, and what they plan to do in the future. Along the way, we’ve developed a body of information about the cybercriminal element in all its manifestations — from menacing to innocuous and from clever to foolish. It is this understanding, as much as the trends and patterns we glean from our investigations and data gathering, that informs this report.
This year, we explore several of the criminal schemes and trends that likely have impacted your organization, from sextortion to cryptojacking to CMS exploitation. The Data Compromises section summarizes our findings from the data breach investigations we conducted for clients around the world. In Threat Intelligence, we discuss the latest activity in email threats, web-based attacks, exploits and malware. Lastly, in The State of Security we examine developments in the database, network and application threat landscape.
It is our privilege to present the 2019 Trustwave Global Security Report, our latest contribution to one of the most important crime stories of our time. Use the vast insights and hard data contained in this report to help bolster your security posture and better understand the nature of the threats we face today. No one knows what the next chapter will hold, but we’re always watching.