The Business Email Compromise Growth Trends Continue
One of our leading trends for 2018 was the continued growth of Social Engineering Attacks, specifically Business Email Compromise (BEC). Proofpoint recently released a report analyzing its full data from 2017, and the numbers certainly show that BEC continues to grow rapidly. More companies are receiving more of these fraudulent emails and more often.
Proofpoint analyzed 160 billion emails sent to over 2,400 companies across the world and found some alarming numbers.
- Companies received 17% more fraudulent emails on average, year over year.
- The last two quarters in 2017 were 2 of the 3 biggest ever for fraudulent emails.
The Threats Were Across the Board
Nearly 90% of companies were targeted by a BEC threat in the last quarter of 2017. Odds are pretty high that you’ll get a BEC email in 2018.
No matter what industry you were in, Q4 2017 was a bad one. Aside from financial services, other major industries saw increases in attacks. It was also interesting to see that financial services were down. This could likely be because the sector has been the largest victim to date, meaning either that it is adapting (i.e., improving security and improving procedures) or that attackers are launching fewer but more effective attacks, having already picked off the “low-hanging fruit” and leaving only more sophisticated email frauds to execute.
Dramatic Increase in W-2 Fraud
There was an 800% increase in cases of W-2 fraud reported to the IRS’s Online Fraud Detection & Prevention (OFDP) office, which manages email@example.com.
W-2 scams are frightening because of the potential scale of a successful attack. A successful attack can result in hundreds if not more instances of identity theft. Nearly 30,000 people were victims in 2017. This number might also be under-reported when it comes to email, since such cases are often placed in the broader category of data theft and tax fraud that most public reporting uses.
While we might not know the extent of the damage until the FBI releases its reports, estimates are that BEC could cost global business $9 billion in 2018. That’s huge.
How to Avoid Being the Next BEC Victim
You can read more about our recommendations on avoiding being a victim of Business Email Compromise here, but in summary:
- Use a reliable email security solution to filter subject lines (and raise flags)
- Use DMARC to avoid spoofing
- Look at “sent from” and “reply to” addresses with suspicion
- Use MFA to ensure you have failsafes
- Use DLP to make sure that sensitive info isn’t sent out to unintended parties
- Educate your teams
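
The subject-line, reply-to and DMARC checks from the list above, sketched as an added example (not code from the original post or from Proofpoint). It assumes your mail gateway stamps an Authentication-Results header under the hypothetical authserv-id mx.corp.example; the keyword list, function names and sample messages are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed keyword list (assumption); tune it to your own mail flow.
SUBJECT_RE = re.compile(r"\b(w-?2|wire transfer|urgent|payroll)\b", re.I)

def domain_of(header_value):
    """Lowercased domain of the address in a From/Reply-To header, or ''."""
    addr = parseaddr(header_value or "")[1]
    return addr.rpartition("@")[2].lower() if "@" in addr else ""

def dmarc_verdict(msg, authserv_id):
    """dmarc= result stamped by our own gateway; other hosts' headers are ignored."""
    for value in msg.get_all("Authentication-Results", []):
        if value.strip().lower().startswith(authserv_id.lower() + ";"):
            m = re.search(r"\bdmarc=(\w+)", value, re.I)
            if m:
                return m.group(1).lower()
    return None

def bec_flags(raw, authserv_id):
    """Return the list of BEC warning flags raised by one raw RFC 5322 message."""
    msg = message_from_string(raw)
    flags = []
    if SUBJECT_RE.search(msg.get("Subject", "")):
        flags.append("suspicious-subject")
    from_dom, reply_dom = domain_of(msg.get("From")), domain_of(msg.get("Reply-To"))
    if reply_dom and reply_dom != from_dom:
        flags.append("reply-to-domain-mismatch")
    verdict = dmarc_verdict(msg, authserv_id)
    if verdict != "pass":
        flags.append("dmarc-" + (verdict or "missing"))
    return flags

# Constructed sample messages (example domains, not real traffic).
SPOOFED = """\
From: "Pat Lee, CEO" <ceo@corp.example>
Reply-To: ceo.corp@mailbox.example
Subject: Urgent: need all employee W-2 forms today
Authentication-Results: mx.corp.example; spf=fail; dmarc=fail header.from=corp.example
"""
LEGIT = """\
From: HR <hr@corp.example>
Subject: Lunch menu for Friday
Authentication-Results: mx.corp.example; dmarc=pass header.from=corp.example
"""
if __name__ == "__main__":
    print(bec_flags(SPOOFED, "mx.corp.example"), bec_flags(LEGIT, "mx.corp.example"))
```

A message carrying an Authentication-Results header from any host other than your own gateway is reported as dmarc-missing, because a sender can add that header themselves.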