Losses to BEC Attacks Increased by 48% in Q2, 2020

By Richard Anderson

New data released by Agari show there has been a significant increase in losses to business email compromise attacks in Q2, 2020, increasing by 48% from the previous quarter.

Business email compromise (BEC) is a form of email fraud in which an attacker compromises an email account of an organization and uses that account to commit fraud against the organization or business contacts. Typically, these attacks aim to fraudulently obtain sensitive data or funds, either by redirecting payroll, convincing an individual responsible for wire transfers to make a fraudulent payment.

According to the latest Phishing Activity Trends Report from the Anti-Phishing Working Group, of which Agari is a member, in Q2, 2020, the average loss to a BEC attack involving a fraudulent wire transfer was $80,143, up from $54,000 in Q1. One Russian cybercriminal group has been targeting large companies and attempting to obtain much larger payments. The average fraudulent wire transfer attempt from the gang was $1.27 million. Fraudulent wire transfer scams account for 18% of all BEC attacks.

Gift card scams are the most common type of BEC scam, accounting for 66% of BEC attacks. These attacks involve convincing targets to send a gift card, usually for Google Play, Apple iTunes, Steam Wallet, or eBay.

The amounts gained by attackers in these scams are far lower than other types of BEC attacks, but they are easier for the attackers to cash out. The average loss to these scams in Q2, 220 was $1,213. 16% of BEC attacks involved redirecting payroll. The average loss to a payroll diverting BEC attack was down 25% in Q2, 2020.

According to the FBI’s 2019 Internet Crime Report, BEC attacks were the fifth most common type of cyberattack, but the scams accounted for more than half of all losses to cybercrime. In 2019, losses to BEC attacks reached $1.8 billion but since many companies do not report losses to BEC attacks, the actual total is likely to be far higher.

Twitter Facebook LinkedIn Reddit Link copied to clipboard

Posted by

Richard Anderson

Richard Anderson is the Editor-in-Chief of NetSec.news