{"id":3224,"date":"2022-09-09T09:13:00","date_gmt":"2022-09-09T16:13:00","guid":{"rendered":"https:\/\/dev.trustwrx.com\/?p=3224"},"modified":"2022-10-21T10:13:39","modified_gmt":"2022-10-21T17:13:39","slug":"why-business-email-compromise-still-tops-ransomware-for-total-losses","status":"publish","type":"post","link":"https:\/\/dev.trustwrx.com\/index.php\/why-business-email-compromise-still-tops-ransomware-for-total-losses\/","title":{"rendered":"Why business email compromise still tops ransomware for total losses"},"content":{"rendered":"\n

Losses from business email compromise (BEC) scams are about 50 times greater than those caused by ransomware. Here’s why BEC is favored by cybercriminals. <\/h2>\n\n\n\n
\"email
MicroStockHub \/ Getty Images<\/figcaption><\/figure>\n\n\n\n

While businesses are busy trying to protect themselves against ransomware<\/a> attacks that spark headlines news, threat actors are sticking to one of the oldest and most effective hacking techniques\u2014business email compromise (BEC)<\/a>.<\/p>\n\n\n\n

Enterprise security has skewed toward ransomware in recent years, but FBI data<\/a> highlights that  enterprises in aggregate are losing 51 times more money through BEC attacks. In 2021, BEC attacks in the US caused total losses of $2.4 billion, a 39% increase from 2020. In contrast, at the same time, companies in the US lost only $49.2 million to ransomware.<\/p>\n\n\n\n

While the average financial loss from a BEC scam is much lower than the average ransom requested in a ransomware attack, email compromises are technically easier to implement. The result is that   business email compromises far outnumber ransomware attacks.<\/a><\/p>\n\n\n\n

While businesses are busy trying to protect themselves againstransomware<\/a> attacks that spark headlines news, threat actors are sticking to one of the oldest and most effective hacking techniques\u2014business email compromise (BEC)<\/a>.<\/p>\n\n\n\n

Enterprise security has skewed toward ransomware in recent years, but FBI data<\/a> highlights that  enterprises in aggregate are losing 51 times more money through BEC attacks. In 2021, BEC attacks in the US caused total losses of $2.4 billion, a 39% increase from 2020. In contrast, at the same time, companies in the US lost only $49.2 million to ransomware.<\/p>\n\n\n\n

While the average financial loss from a BEC scam is much lower than the average ransom requested in a ransomware attack, email compromises are technically easier to implement. The result is that   business email compromises far outnumber ransomware attacks.[ Learn 8 pitfalls that undermine security program success<\/a> and 12 tips for effectively presenting cybersecurity to the board<\/a>. | Sign up for CSO newsletters<\/a>. ]<\/p>\n\n\n\n

Business email compromise arises when criminals access the email account of an otherwise trustworthy employee, says Paul Ducklin, principal research scientist at Sophos. \u201cThe problem here, unlike traditional phishing<\/a> attacks, is obvious: the fake messages devised by the crooks actually do come from that employee\u2019s real email account. Worse still, the crooks get to read that person\u2019s messages before they do, so that if you send an email to query strange requests that they make, or even to ask them outright if they are in control of their account, then the crooks simply delete those messages and reply in a reassuring way. As a result, the true recipient never sees the warning signs, and you never find out the truth.\u201d<\/p>\n\n\n\n

In 2021, the FBI\u2019s Internet Crime Center received 19,954 BEC complaints. It initiated action on 1,726 BEC complaints involving domestic to domestic transactions with potential losses of $443 million. A hold was placed on approximately $329 million\u2014typically by identifying and freezing the bank account used by the hackers, so that no money can be withdrawn.<\/p>\n\n\n\n

Ransomware continues to overshadow BEC attacks<\/strong><\/h2>\n\n\n\n

If BEC attacks are indeed so widespread, the obvious question is why we don’t hear about them more often. One of the reasons is that businesses rarely report such attacks. <\/p>\n\n\n\n

\u201cWe will continue to see unreported attacks even in regulated countries. If you report the attacks, you realize it\u2019ll impact your business in catastrophic ways,” says Garrett O\u2019Hara, chief field technologist at Mimecast. “Many countries that have mandatory reporting have categories where most small and medium businesses don\u2019t fall under the purview of mandatory reporting. And even the ones that fall under the purview of mandatory reporting, feel they are better off paying fine than to report these incidents.”<\/p>\n\n\n\n

The figures involved in ransomware are also greater, and tend to be more attention-grabbing. The average ransom<\/a>ware demand stood at $2.2 million in 2021, according to Palo Alto Networks, while the FBI reports that the average cost of a BEC scam stood at about $120,000 in 2021.<\/p>\n\n\n\n

\u201cBEC is embarrassing, and you may lose some money, but ransomware is an existential crisis. Most companies therefore look at BEC as a regular theft. Ransomware executed well grinds a business to a halt. Servers can be locked, patients can be denied vital healthcare, all critical systems can be locked,\u201d O\u2019Hara said.<\/p>\n\n\n\n

BEC attacks can be extremely easy to execute<\/strong><\/h2>\n\n\n\n

To execute a BEC scam, hackers gain access to email accounts of senior company officials through social engineering techniques<\/a>, and then just ask the accounts department to make a payment to a particular vendor. In this case, the vendor can often be a legitimate vendor and the invoice can look identical to an earlier invoice from the same vendor. The hacker just changes the account details and since the email is coming from top management, the accounts team doesn\u2019t question the transaction.<\/p>\n\n\n\n

The attacker, therefore, doesn\u2019t even need to exploit any security vulnerability, does not have to write any code (in most cases) and sometimes can execute the scam without deep computer skills.<\/p>\n\n\n\n

On the other hand, to execute a ransomware attack, the attacker needs to find vulnerabilities in the target\u2019s computers or servers, gain access to the target laptops or servers, encrypt all the files and then demand a ransom\u2014a relatively complex process.<\/p>\n\n\n\n

The ease of executing BEC attacks has therefore been the biggest challenge in containing them. A typical target for BEC is a company that has high number of financial transactions\u2014essentially any company that is transferring money regularly. That creates ample opportunity for BEC attacks.<\/p>\n\n\n\n

With the advent of remote meetings over the past few years, fraudsters are targeting virtual meeting platforms to hack emails and spoof the credentials of senior leadership team to initiate the fraudulent transfer of funds, according to the FBI’s most recent annual internet crime report. These funds are then immediately transferred to cryptocurrency wallets or mule bank accounts, and quickly dispersed, making recovery efforts more difficult.<\/p>\n\n\n\n

\u201cBECs focus on mass attacks, unlike ransomware attacks that are highly targeted and therefore require a lot of work. We see for BEC scams, hackers are targeting a lot of SMEs, which is 80-90% of businesses. That\u2019s a lot of targets. On the other hand, ransomware attacks are typically targeted at MNCs (multinational companies) and their third parties. Attackers also use BEC toolkits to execute some of these scams,\u201d says Ian Lim, field chief security officer for Asia Pacific at Palo Alto Networks. <\/p>\n\n\n\n

Palo Alto\u2019s Unit 42 division has been tracking BECs for several years and had even worked with Interpol in a recent counter-BEC operation<\/a> that led to the arrest of 11 Nigerian nationals, many of whom were participating in BEC scams since 2015. The investigation found out that the profile of attackers has also evolved with time. Many of the attackers were found to be IT graduates who see BEC scams as easy and lucrative career options.<\/p>\n\n\n\n

Companies will need AI tools to combat BEC scams<\/strong><\/h2>\n\n\n\n

Hackers are now using advanced techniques to execute their BEC scams, including \u201ccousin domains\u201d\u2014 a website with a deceptively similar name to another website\u2014or \u201cidentity mimicry,” wherein the domain used looks very similar to a legitimate website.  Such domains can scam users by prompting them to enter their personal information.<\/p>\n\n\n\n

\u201cYou need AI tools to identify these techniques through digital trails. AI tools can also track the language used in the emails to flag any anomalous behavior,\u201d Mimecast’s O\u2019Hara says.<\/p>\n\n\n\n

One of the biggest challenges that companies face in trying to defend against BEC scams, though, is that the email accounts that are used to carry out these scams are usually legitimate email accounts belonging to senior company officials including CEOs and CFOs.<\/p>\n\n\n\n

But simple checks and balances can also go a long way in combating BEC scams, experts believe. \u201cIf you notice anything unusual, if anything is unexpected, check and confirm before making any payments. Pick up the phone and validate the request before going ahead with any official financial transaction. You need to have a healthy dose of suspicion,\u201d Palo Alto Networks’ Lim says.<\/p>\n\n\n\n

According to O\u2019Hara, building security right into business processes can also help organizations stay protected against such scams. \u201cThe process to update bank details for a supplier, for example, need to follow security policies. Same needs to be followed for any new vendor,\u201d he said.<\/p>\n\n\n\n

People are your best defense against BEC, Sophos’ Ducklin points out. \u201cRemember: \u2018If in doubt, don’t give it out,\u2019 and \u2018If you see something, say something.\u2019 If you work in security operations and you don’t yet have a simple, standardised way for staff to report things that don\u2019t add up\u2014e.g. an email address monitored directly by the SecOps team\u2014 create one right away. If you think someone\u2019s account might have been hacked, remind your staff not to use that same account to voice your suspicions, whether it\u2019s an email address, a Facebook account or a phone number.\u201d<\/p>\n\n\n\n

https:\/\/www.csoonline.com\/article\/3670548\/why-business-email-compromise-still-tops-ransomware-for-total-losses.html<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"

While businesses are busy trying to protect themselves against ransomware attacks that spark headlines news, threat actors are sticking to one of the oldest and most effective hacking techniques\u2014business email compromise (BEC).<\/p>\n","protected":false},"author":7,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[131,136,134,135,129,127,111],"tags":[],"class_list":["post-3224","post","type-post","status-publish","format-standard","hentry","category-business-email-compromise","category-criminal-gangs","category-cybersecurity","category-hacktivists","category-phishing","category-remote-work","category-security"],"yoast_head":"\nWhy business email compromise still tops ransomware for total losses - TrustWrx<\/title>\n<meta name=\"description\" content=\"Losses from business email compromise (BEC) scams are about 50 times greater than those caused by ransomware. Here's why BEC is favored by cybercriminals.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/dev.trustwrx.com\/index.php\/why-business-email-compromise-still-tops-ransomware-for-total-losses\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Why business email compromise still tops ransomware for total losses - TrustWrx\" \/>\n<meta property=\"og:description\" content=\"Losses from business email compromise (BEC) scams are about 50 times greater than those caused by ransomware. Here's why BEC is favored by cybercriminals.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/dev.trustwrx.com\/index.php\/why-business-email-compromise-still-tops-ransomware-for-total-losses\/\" \/>\n<meta property=\"og:site_name\" content=\"TrustWrx\" \/>\n<meta property=\"article:published_time\" content=\"2022-09-09T16:13:00+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2022-10-21T17:13:39+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/images.idgesg.net\/images\/article\/2019\/06\/email-security_lock_breach_protocol_by-microstockhub-getty-100799018-large.jpg?auto=webp&quality=85,70\" \/>\n<meta name=\"author\" content=\"Marc Warshaw\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Marc Warshaw\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"7 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/dev.trustwrx.com\/index.php\/why-business-email-compromise-still-tops-ransomware-for-total-losses\/\",\"url\":\"https:\/\/dev.trustwrx.com\/index.php\/why-business-email-compromise-still-tops-ransomware-for-total-losses\/\",\"name\":\"Why business email compromise still tops ransomware for total losses - TrustWrx\",\"isPartOf\":{\"@id\":\"https:\/\/dev.trustwrx.com\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/dev.trustwrx.com\/index.php\/why-business-email-compromise-still-tops-ransomware-for-total-losses\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/dev.trustwrx.com\/index.php\/why-business-email-compromise-still-tops-ransomware-for-total-losses\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/images.idgesg.net\/images\/article\/2019\/06\/email-security_lock_breach_protocol_by-microstockhub-getty-100799018-large.jpg?auto=webp&quality=85,70\",\"datePublished\":\"2022-09-09T16:13:00+00:00\",\"dateModified\":\"2022-10-21T17:13:39+00:00\",\"author\":{\"@id\":\"https:\/\/dev.trustwrx.com\/#\/schema\/person\/2cddd6c8b8635c2e6bd0b86e6a236731\"},\"description\":\"Losses from business email compromise (BEC) scams are about 50 times greater than those caused by ransomware. Here's why BEC is favored by cybercriminals.\",\"breadcrumb\":{\"@id\":\"https:\/\/dev.trustwrx.com\/index.php\/why-business-email-compromise-still-tops-ransomware-for-total-losses\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/dev.trustwrx.com\/index.php\/why-business-email-compromise-still-tops-ransomware-for-total-losses\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/dev.trustwrx.com\/index.php\/why-business-email-compromise-still-tops-ransomware-for-total-losses\/#primaryimage\",\"url\":\"https:\/\/images.idgesg.net\/images\/article\/2019\/06\/email-security_lock_breach_protocol_by-microstockhub-getty-100799018-large.jpg?auto=webp&quality=85,70\",\"contentUrl\":\"https:\/\/images.idgesg.net\/images\/article\/2019\/06\/email-security_lock_breach_protocol_by-microstockhub-getty-100799018-large.jpg?auto=webp&quality=85,70\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/dev.trustwrx.com\/index.php\/why-business-email-compromise-still-tops-ransomware-for-total-losses\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/dev.trustwrx.com\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Why business email compromise still tops ransomware for total losses\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/dev.trustwrx.com\/#website\",\"url\":\"https:\/\/dev.trustwrx.com\/\",\"name\":\"TrustWrx\",\"description\":\"The SMB Security Solution for Managed Services Providers\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/dev.trustwrx.com\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/dev.trustwrx.com\/#\/schema\/person\/2cddd6c8b8635c2e6bd0b86e6a236731\",\"name\":\"Marc Warshaw\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/dev.trustwrx.com\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/117d38c42d3f6321c3e609329de227a5213011f6ef72e63252fb0dc5e91383a4?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/117d38c42d3f6321c3e609329de227a5213011f6ef72e63252fb0dc5e91383a4?s=96&d=mm&r=g\",\"caption\":\"Marc Warshaw\"},\"url\":\"https:\/\/dev.trustwrx.com\/index.php\/author\/admintrustwrx\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Why business email compromise still tops ransomware for total losses - TrustWrx","description":"Losses from business email compromise (BEC) scams are about 50 times greater than those caused by ransomware. Here's why BEC is favored by cybercriminals.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/dev.trustwrx.com\/index.php\/why-business-email-compromise-still-tops-ransomware-for-total-losses\/","og_locale":"en_US","og_type":"article","og_title":"Why business email compromise still tops ransomware for total losses - TrustWrx","og_description":"Losses from business email compromise (BEC) scams are about 50 times greater than those caused by ransomware. Here's why BEC is favored by cybercriminals.","og_url":"https:\/\/dev.trustwrx.com\/index.php\/why-business-email-compromise-still-tops-ransomware-for-total-losses\/","og_site_name":"TrustWrx","article_published_time":"2022-09-09T16:13:00+00:00","article_modified_time":"2022-10-21T17:13:39+00:00","og_image":[{"url":"https:\/\/images.idgesg.net\/images\/article\/2019\/06\/email-security_lock_breach_protocol_by-microstockhub-getty-100799018-large.jpg?auto=webp&quality=85,70","type":"","width":"","height":""}],"author":"Marc Warshaw","twitter_card":"summary_large_image","twitter_misc":{"Written by":"Marc Warshaw","Est. reading time":"7 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/dev.trustwrx.com\/index.php\/why-business-email-compromise-still-tops-ransomware-for-total-losses\/","url":"https:\/\/dev.trustwrx.com\/index.php\/why-business-email-compromise-still-tops-ransomware-for-total-losses\/","name":"Why business email compromise still tops ransomware for total losses - TrustWrx","isPartOf":{"@id":"https:\/\/dev.trustwrx.com\/#website"},"primaryImageOfPage":{"@id":"https:\/\/dev.trustwrx.com\/index.php\/why-business-email-compromise-still-tops-ransomware-for-total-losses\/#primaryimage"},"image":{"@id":"https:\/\/dev.trustwrx.com\/index.php\/why-business-email-compromise-still-tops-ransomware-for-total-losses\/#primaryimage"},"thumbnailUrl":"https:\/\/images.idgesg.net\/images\/article\/2019\/06\/email-security_lock_breach_protocol_by-microstockhub-getty-100799018-large.jpg?auto=webp&quality=85,70","datePublished":"2022-09-09T16:13:00+00:00","dateModified":"2022-10-21T17:13:39+00:00","author":{"@id":"https:\/\/dev.trustwrx.com\/#\/schema\/person\/2cddd6c8b8635c2e6bd0b86e6a236731"},"description":"Losses from business email compromise (BEC) scams are about 50 times greater than those caused by ransomware. Here's why BEC is favored by cybercriminals.","breadcrumb":{"@id":"https:\/\/dev.trustwrx.com\/index.php\/why-business-email-compromise-still-tops-ransomware-for-total-losses\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/dev.trustwrx.com\/index.php\/why-business-email-compromise-still-tops-ransomware-for-total-losses\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/dev.trustwrx.com\/index.php\/why-business-email-compromise-still-tops-ransomware-for-total-losses\/#primaryimage","url":"https:\/\/images.idgesg.net\/images\/article\/2019\/06\/email-security_lock_breach_protocol_by-microstockhub-getty-100799018-large.jpg?auto=webp&quality=85,70","contentUrl":"https:\/\/images.idgesg.net\/images\/article\/2019\/06\/email-security_lock_breach_protocol_by-microstockhub-getty-100799018-large.jpg?auto=webp&quality=85,70"},{"@type":"BreadcrumbList","@id":"https:\/\/dev.trustwrx.com\/index.php\/why-business-email-compromise-still-tops-ransomware-for-total-losses\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/dev.trustwrx.com\/"},{"@type":"ListItem","position":2,"name":"Why business email compromise still tops ransomware for total losses"}]},{"@type":"WebSite","@id":"https:\/\/dev.trustwrx.com\/#website","url":"https:\/\/dev.trustwrx.com\/","name":"TrustWrx","description":"The SMB Security Solution for Managed Services Providers","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/dev.trustwrx.com\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Person","@id":"https:\/\/dev.trustwrx.com\/#\/schema\/person\/2cddd6c8b8635c2e6bd0b86e6a236731","name":"Marc Warshaw","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/dev.trustwrx.com\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/117d38c42d3f6321c3e609329de227a5213011f6ef72e63252fb0dc5e91383a4?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/117d38c42d3f6321c3e609329de227a5213011f6ef72e63252fb0dc5e91383a4?s=96&d=mm&r=g","caption":"Marc Warshaw"},"url":"https:\/\/dev.trustwrx.com\/index.php\/author\/admintrustwrx\/"}]}},"_links":{"self":[{"href":"https:\/\/dev.trustwrx.com\/index.php\/wp-json\/wp\/v2\/posts\/3224","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/dev.trustwrx.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/dev.trustwrx.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/dev.trustwrx.com\/index.php\/wp-json\/wp\/v2\/users\/7"}],"replies":[{"embeddable":true,"href":"https:\/\/dev.trustwrx.com\/index.php\/wp-json\/wp\/v2\/comments?post=3224"}],"version-history":[{"count":25,"href":"https:\/\/dev.trustwrx.com\/index.php\/wp-json\/wp\/v2\/posts\/3224\/revisions"}],"predecessor-version":[{"id":3312,"href":"https:\/\/dev.trustwrx.com\/index.php\/wp-json\/wp\/v2\/posts\/3224\/revisions\/3312"}],"wp:attachment":[{"href":"https:\/\/dev.trustwrx.com\/index.php\/wp-json\/wp\/v2\/media?parent=3224"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/dev.trustwrx.com\/index.php\/wp-json\/wp\/v2\/categories?post=3224"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/dev.trustwrx.com\/index.php\/wp-json\/wp\/v2\/tags?post=3224"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}