BEC Attacks that Compromise Email, responsible for 27% of Cyber-Attack Casualties

Antonio Rentero,
Linkedin

Phishing is still the king of threats, with 38% of reports to the FBI in 2022, an 84% incidence worldwide and 90% in Spain.

Cybercrime does not cease its activity and its methods of committing crimes are becoming increasingly sophisticated. A recent FBI study indicates that economic losses due to electronic fraud have more than doubled in just two years, from 4.2 billion dollars in 2020 to 10.3 billion dollars in 2022. It also highlights the vulnerability of corporate email or BEC (Business Email Compromise) attacks, which have become one of the most effective strategies used by cybercriminals, accounting for 27% of cybercrime losses.

These BEC attacks typically involve tricking company employees into sending funds to fraudulent bank accounts. Last year, global businesses lost more than $2.7 billion to these scams, about $300 million more than in 2021, representing losses almost 80 times greater than those from ransomware. Each BEC incident can cost the affected company around $124,000.

10% annual growth in victims

The number of victims of BEC attacks is also growing year on year, by almost 10 %. According to Proofpoint’s State of the Phish 2023 report, 75% of respondents said their organisation had suffered at least one BEC attack by 2022. In Spain, 90% of companies experienced a BEC attack in 2022, up 13% from the previous year. This may be due to the increased use of languages such as Spanish in these threats.

Among the most common scams are those involving supplier emails, payroll redirection or real estate fraud, although they are gradually giving way to more sophisticated tactics. The FBI has detected cases of cybercriminals convincing victims to send funds to cryptocurrency platforms; spoofing phone numbers of legitimate companies to give fraudulent bank details to users; or impersonating public administration.

Phishing is still king

On the other hand, phishing remains the king of threats, with 38% of complaints to the FBI in 2022, as well as an incidence of 84% worldwide and 90% in Spain, according to Proofpoint reports on the same year. Ransomware attacks decreased by 36% according to reports received by the FBI, which could be considered good news, although experts suspect this is due to under-reporting by victims.

However, Proofpoint’s State of the Phish report indicates that 64% of global organisations claimed to have been infected by ransomware in 2022, while in Spain 89% experienced at least one ransomware attack attempt.