Business Email Compromise (BEC) continues to be a highly profitable avenue for cyber attackers. The FBI's Internet Crime Complaint Center (IC3) received a staggering 21,832 complaints in 2022, reflecting adjusted losses surpassing $2.7 billion. While advancements in detection and prevention are made, threat actors' sophistication in their constantly evolving tactics remains evident. A comprehensive review of the BEC landscape by Trustwave in the first half of 2023 reveals notable trends.
Trustwave's MailMarshal Cloud intercepted over 2,000 BEC messages per month on average. Q1 2023 witnessed a 25% rise in unique attacks compared to the final quarter of 2022. February marked the period with the highest volume of BEC emails in H1, following the trend of a post-holiday season surge. The findings emphasize the effectiveness of BEC campaigns during the tax season and the start of new endeavors.
The analysis unveiled a 31% decline in attacks during Q2, with June being the least active month, experiencing a 39% drop compared to January.
The vast majority of BEC messages were dispatched through free email services. The top 10 webmail services used by threat actors included Gmail, iCloud, mail.ru, optonline.net, and others. Google's Gmail stood out as the primary choice, comprising 84% of free webmail addresses. Notably, newly formed domains mimicking legitimate company domains were also employed by spammers. Google served as the registrar for 35% of newly registered BEC domains, followed by NameCheap Inc. at 25%.
The lure strategies adopted by BEC campaigns varied. Payroll diversion, request for contact, task requests, availability queries, invoice transactions, gift purchases, wire transfers, and document requests were used to manipulate victims. Payroll diversion, wherein attackers pose as employees and attempt to reroute payroll to their accounts, dominated with almost half of observed attacks. Inquiry emails soliciting personal contact information ranked second.
Gift card fraud emerged as a unique BEC tactic, exploiting victims' emotional strings. Fraudsters impersonate company executives, promising employee appreciation through gift cards. Amazon was the most targeted brand for gift cards (64%), followed by Apple's iTunes (18%) and liquid cards like Visa and Amex (11%).
A new BEC variant surfaced involving multi-persona impersonation. This scam employs an "Invoice Transaction" lure, presenting an executive and a vendor representative as contacts. The initial email introduces the unpaid invoice, while the subsequent message from the vendor representative requests payment. A variant requires the victim to initiate contact with the fake vendor representative, adding an air of legitimacy.
BEC tactics are becoming increasingly sophisticated, emphasizing the importance of robust cybersecurity defenses, both technological and human. To thwart these evolving schemes, organizations must remain vigilant and stay informed about the latest threats. ###