What few people had anticipated, however, was how big of an increase we’d see.
While the number of attacks generally increased throughout 2018, few areas saw more explosive growth than BEC, which stands for Business Email Compromise attacks.
Those hacks accounted for a mind-boggling 476 percent surge between the fourth quarter of 2017 and the fourth quarter of 2018. To give that number some context, by comparison, the number of email fraud attempts against businesses also increased by by just 226 percent over the same period, which while staggering, is paltry by comparison.
BEC attacks therefore win the dubious honor of being the fastest growing security risk on the current threat matrix, and the most likely type of attack that businesses are likely to experience.
These are, at their core, social engineering attacks that target specific employees of a firm, typically in the company’s finance department. The goal is to convince them that they’re dealing with a vendor the company regularly does business with and convince them to send large sums of money. This is typically via wire transfer to accounts that, at first glance, appear to be legitimate vendor accounts, but which of course are controlled by the attackers.