Business Email Compromise (BEC) poses a significant security and financial threat to businesses worldwide. In a recent announcement, the FBI revealed that BEC attacks have resulted in over $50 billion in losses across 177 countries in the past nine years. The numbers are alarming, with a 17% increase in losses globally between December 2021 and December 2022.
Why are BEC attacks so effective? These attacks can be challenging for traditional security tools to detect. As a result, they often reach employees’ email inboxes, making it easier for them to fall victim to these scams. The FBI’s data highlights the potential devastation caused by BEC attacks worldwide. But how does this threat differ across regions? Are some parts of the world more successful in dealing with BEC attacks than others?
Abnormal, a company that analyses attack trends, recently examined data from their platform over the past year, specifically focusing on the United States and Europe. Their findings revealed a significant discrepancy in the number of attacks between these two regions, with one region experiencing a much higher volume of attacks than the other.
Between June 2022 and May 2023, Europe experienced a rise in email attacks across various categories. These attacks included traditional Business Email Compromise (BEC) tactics such as impersonating senior management, vendor-focused fraud involving invoices and payments, and activities like phishing for credentials, spreading malware, and extortion attempts.
The increase in email attacks shouldn’t come as a surprise, as cybercriminals are becoming more sophisticated with each passing day. Moreover, the availability of advanced AI tools like ChatGPT and other generative AI platforms has made it easier for attackers to launch more sophisticated attacks, contributing to a steady growth in email-based threats over time. However, the rate at which these attacks increased was particularly noteworthy, especially in Europe.
When analysing attack trends, Abnormal considers the number of attacks per one thousand mailboxes to provide a fair comparison. In June 2022, in Europe, attacks skyrocketed sevenfold. In June 2022, there were around 392 attacks per 1,000 mailboxes, but last month, the number surged to 2,842 attacks, surpassing the total number of attacks recorded in Europe for the first time.
When we examined the likelihood of organisations receiving Business Email Compromise (BEC) attacks, including the vendor-focused subset known as VEC attacks, we observed an expected increase throughout the year in both the United States and Europe. However, there was a notable difference between these regions. While the upward trend remained relatively consistent in the US, Europe experienced sudden spikes in BEC and VEC attacks, particularly in August.
So, what could be the reason for this pattern? And why does it primarily affect Europe and not the United States?
One possible explanation relates to cultural differences, particularly regarding summer holidays. August is widely recognised as the most popular time for Europeans to take a break from work. Consequently, during this period, employees still checking their emails may be more distracted and inclined to complete actions from their mobile devices, even actions they would hesitate to take under normal circumstances. Exploiting this situation, attackers send BEC, VEC, and phishing attacks, knowing that employees are more likely to respond to emails containing urgent instructions.
In summary, the higher susceptibility to attacks in Europe during August can be attributed, in part, to the cultural practice of summer holidays, which increases the likelihood of distracted employees responding to malicious emails.
Analysing email attack trends across different regions provides valuable insights into unique vulnerabilities that exist worldwide. It teaches us important lessons, such as the need for heightened vigilance during summer holidays for example.
However, despite the variations in regional trends, one undeniable fact stands out: email threats, especially BEC attacks, are increasing globally. It doesn’t matter where you or your employees are located; it is crucial to prioritise measures that ensure your organisation’s robust protection.
To combat these evolving threats effectively, organisations require modern email security solutions capable of detecting contemporary attacks. These solutions should identify even subtle changes in activity and content that might indicate a potential attack. Leveraging artificial intelligence and machine learning, an advanced email security platform can establish a baseline of expected behaviour among employees and vendors. This baseline allows the system to swiftly detect and address malicious emails, including sophisticated and socially engineered BEC emails, before they ever reach employee inboxes.
Download our free Business Email Compromise Guide for proactive steps to minimise the likelihood of falling victim to Business Email Compromise (BEC) attacks. Additionally, the guide offers practical remedial measures if your organisation experiences a BEC attack, minimising the impact of such incidents.
https://abnormalsecurity.com/blog/bec-attacks-europe – Published June 21st
Finnish authorities have exposed a sophisticated Android malware campaign designed to steal banking credentials and drain victims’ accounts. While the attacks are currently concentrated in…
A criminal network known as BogusBazaar has emerged as a major threat to online shoppers. This operation has lured hundreds of thousands of victims across…
WordPress website owners and administrators should be aware of a recent surge in attacks exploiting a security vulnerability in older versions of the popular LiteSpeed…
