Business email compromise (BEC) attacks are a form of cyber crime which use email fraud to attack commercial, government and non-profit organizations to achieve a specific outcome. Such attacks are a huge blow to an organization’s cybersecurity and have serious consequences for the targeted organization.
However, a new trend in BEC attacks has been observed by the security researchers in recent days. Nowadays, scammers are targeting Wall Street investors, the financial and investment community including stock exchanges, large banks, brokerages, securities, and underwriting firms with the help of fake capital calls and notices requesting payment for counterfeit investments to earn much more money than a simple BEC scam.
While the average target payout in a normal BEC scam is $72,000, attackers can earn $809,000 from victimized investors. BEC attacks requesting aging accounts receivable reports from targeted employees have seen a recent upsurge. Attempts at tricking targeted employees into making fund transfers have also been observed.
The increasing sophistication of attackers in BEC attacks and other forms of cybercrime indicates the expertise of cyber attackers at breaching every security defense set up against them. BEC attacks are just the initial attack vectors with the help of which attackers can enter and take control over an organization’s entire network and damage all the operations. Hence, a multi-layered security approach must be adopted by all the firms to prevent such attacks.