Eskenzi PR ad banner Eskenzi PR ad banner
  • About Us
Tuesday, 28 March, 2023
IT Security Guru
Eskenzi PR banner
  • Home
  • Features
  • Insight
  • Events
    • Most Inspiring Women in Cyber 2022
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us
No Result
View All Result
  • Home
  • Features
  • Insight
  • Events
    • Most Inspiring Women in Cyber 2022
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us
No Result
View All Result
IT Security Guru
No Result
View All Result

Business email compromise (BEC) attacks increase 45 percent, 2/3 use spoofed email domains to trick victims

by The Gurus
March 28, 2017
in Editor's News
Share on FacebookShare on Twitter

Proofpoint, Inc., a leading next-generation security and compliance company, today released new research into business email compromise (BEC) attacks which indicates an acceleration in their sophistication and velocity. Overall BEC attacks increased by 45 percent in the last three months of 2016 compared to prior months based on Proofpoint’s extensive research into attack attempts across more than 5,000 enterprise customers. To help organisations combat BEC threats, Proofpoint recently enhanced its comprehensive BEC protection with Proofpoint Email Fraud Defence to ensure organisations can authenticate their email, as well as Proofpoint Digital Risk Defence’s Web Discover module to proactively identify lookalike domains.
BEC attacks, which have cost organisations billions of dollars (1), put every email-based relationship at risk. During an attack, cybercriminals pretend to be a company executive and send highly-targeted emails to employees to trick recipients into wiring money or sending sensitive information. Proofpoint is the only company that provides the multi-layered approach needed to protect organisations from all forms of BEC attacks.
“Seventy-five percent of our customers were hit with at least one attempted BEC attack in the last three months of 2016—and it only takes one to cause significant damage,” said Ryan Kalember, senior vice president of Cybersecurity Strategy for Proofpoint. “Our research shows static policies cannot keep up as attackers are constantly changing their socially-engineered messages. Organisations need detection, authentication, visibility, and data loss prevention to ensure they don’t fall victim.”
Proofpoint’s extensive research into BEC attack attempts across more than 5,000 enterprise customers between July-December 2016 (including U.S., Canadian, UK, German, French, and Australian organisations) confirms cybercriminals are using social engineering to target and exploit victims. Below are key Proofpoint findings:

  • BEC attacks increased by 45 percent in the last three months of 2016 vs. the prior three months. 2/3 of all BEC attacks spoofed their email address domain so that their fraudulent emails displayed the same domain as that of the company targeted in the attack.
  • Companies of all sizes are prone to BEC attacks. Proofpoint data indicates no correlation between the size of the company and BEC attack volume. Larger companies make for attractive targets because they have more funds to draw on and greater organisational complexity to hide behind, even if they tend to have stricter financial controls. And while smaller companies may not yield the same returns, the relative absence of financial controls makes them more vulnerable.
  • Manufacturing, retail and technology organisations are generally more targeted with BEC attacks. Hit repeatedly every month, cybercriminals look to take advantage of more complex supply chains and SaaS infrastructures which often accompany these industries.
  • While CEO impersonation continues in BEC attacks, cybercriminals are increasingly targeting victims deeper within organisations. There is a shift beyond simple fraudulent CEO-to-CFO BEC attacks to CEO-to-different employee groups. For example, to accounts payable for wire transfer fraud attempts, to human resources for confidential tax information and identities—and engineering for intellectual property theft.
  • More than 70 percent of the most common BEC subject line families feature the words “Urgent” “Payment” and “Request.” The top seven subject line families include: payment (30 percent), request (21 percent), urgent (21 percent), greeting (12 percent), blank (nine percent), FYI (five percent), and, where are you? (two percent).

Proofpoint’s Email Fraud Defence solution protects organisations from attacks spoofing trusted domains by using the power of email authentication. Featuring a DMARC (Domain-based Message Authentication Reporting & Conformance) reporting interface combined with the guidance of a world class team of authentication experts, Email Fraud Defence helps organisations identify, authorize, configure and authenticate all legitimate email traffic, so that security teams can implement policies to block abuse of their domains.
Email Fraud Defence is also part of Proofpoint’s comprehensive multi-layer BEC protection solution, which includes policy and dynamic classification through Proofpoint Email Protection, data loss prevention with Proofpoint Email DLP, and proactive lookalike domain detection via Proofpoint Digital Risk Defence.
 

FacebookTweetLinkedIn
Tags: CyberemailsecurityTechnologyThreat
ShareTweetShare
Previous Post

Hurricanes, earthquakes & threat intelligence

Next Post

Tech-savvy generation demands the high street to up its game

Recent News

Blue Logo OUTPOST24

New Research Examines Traffers and the Business of Stolen Credentials

March 28, 2023

How to Succeed As a New Chief Information Security Officer (CISO)

March 28, 2023

The Importance of Data Security and Privacy for Individuals and Businesses in the Digital Age

March 28, 2023
penetration testing

Cymulate’s 2022 Cybersecurity Effectiveness Report reveals that organizations are leaving common attack paths exposed

March 28, 2023

The IT Security Guru offers a daily news digest of all the best breaking IT security news stories first thing in the morning! Rather than you having to trawl through all the news feeds to find out what’s cooking, you can quickly get everything you need from this site!

Our Address: 10 London Mews, London, W2 1HY

Follow Us

© 2015 - 2019 IT Security Guru - Website Managed by Calm Logic

  • About Us
No Result
View All Result
  • Home
  • Features
  • Insight
  • Events
    • Most Inspiring Women in Cyber 2022
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us

© 2015 - 2019 IT Security Guru - Website Managed by Calm Logic

This site uses functional cookies and external scripts to improve your experience.

Privacy settings

Privacy Settings / PENDING

This site uses functional cookies and external scripts to improve your experience. Which cookies and scripts are used and how they impact your visit is specified on the left. You may change your settings at any time. Your choices will not impact your visit.

NOTE: These settings will only apply to the browser and device you are currently using.

GDPR Compliance

Powered by Cookie Information