Exploiting an existing relationship between a victim and an organization, Business Email Compromise (BEC) attacks are a specific form of financially motivated phishing. In our third annual update on the state and evolution of BECs, we find that BECs have remained the most costly cyber attack, resulting in millions in damages and surpassing reported costs from ransomware attacks.
By now, BEC has become a fairly well-recognized term in many industries, so we will omit a detailed breakdown of BEC types in this report. (For those who are interested, we broke down the various BEC types in our previous ebook, “BEC in 2021: Supply Chain-Based Phishing Attacks on the Rise.”) Law enforcement has also made progress in bringing BEC actors to justice.
Recently, several perpetrators of international BEC rings have been apprehended, including participants in a $10 million laundering operation and SilverTerrier, a large Nigerian cybercrime gang that’s amassed over 800,000 stolen passwords from 50,000 targets.
Yet despite the many years they have been in the public purview, these phishing attacks, ranging from the absurdly simplistic to well-researched “long cons,” continue to evade security systems and
Why? Much of this is due to the still constantly evolving nature of BECs and threat actor techniques. We’ve previously reported on attackers abusing COVID-19 vaccine availability and other timely events as lures. The relative ease, low cost to execute and profitability are also attractive to cyber gangs, including nation-state hacking groups looking to “broaden their horizons.”
For more about the current state of BEC attacks and how to effectively stop them, read on.