1 in 4 Business Email Compromise Attacks Use Lookalike Domains to Trick Victims

The latest data on BEC scams shows how the bad guys are using a mix of Gmail accounts, larger stolen wire transfers, and a shift to payroll diversion to trick you out of your money through email attacks.

I love it when great industry data is released; it allows us all to get a better handle on what the bad guys are doing, how their tactics are shifting, and what to expect when you experience your next attack.

Security vendor Agari recently released their H1 2021 Email Fraud & Identity Deception Trends report, with new data on what they saw in the latter part of 2020. Out of literally trillions of emails analyzed, Agari found the following BEC trends:

  • Wire transfer fraud represented 22% of all BEC scams (gift card scams remained number 1 throughout all of 2020, though focus on them declined in Q4)
  • The average fraudulent wire transfer was a little over $72K, up 8% from 1H 2020
  • Payroll diversion has steadily grown in interest over the last six months of 2020
  • Free webmail accounts are used in over three-quarters of attacks, with Gmail being used 60% of the time
  • 23% (nearly 1 in 4) of BEC attacks are sent from a lookalike domain registered by the attackers

The trends seem to be pointing to a greater interest in fraudulent wire transfers and payroll diversion, and (of course) to a larger payoff per attack.
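Two of the report's findings, lookalike domains and free webmail senders, are things a mail gateway or SOC can check for mechanically. The following Python triage check is an added example, not code from Agari or KnowBe4; the protected domain, the free-webmail list, the homoglyph table and the sample From: headers are all assumptions constructed for the demonstration.

```python
from email.utils import parseaddr
# Assumption: the domains this organization owns (replace with your own).
PROTECTED_DOMAINS = {"examplecorp.com"}
# Free webmail providers: not proof of fraud on their own, but worth extra scrutiny.
FREE_WEBMAIL = {"gmail.com", "yahoo.com", "outlook.com", "hotmail.com"}
# Character swaps that make a registered lookalike read like the real domain.
HOMOGLYPHS = [("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l"), ("3", "e"), ("5", "s")]

def normalize(domain):
    """Collapse homoglyph swaps so 'examp1ecorp.com' compares equal to 'examplecorp.com'."""
    d = domain.lower().strip()
    for fake, real in HOMOGLYPHS:
        d = d.replace(fake, real)
    return d

def levenshtein(a, b):
    """Edit distance; a small value against our own domain signals a typo-style lookalike."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify_sender(from_header, max_distance=2):
    """Return (verdict, domain) for one raw From: header value."""
    _display, addr = parseaddr(from_header)
    if "@" not in addr:
        return ("unparseable", "")
    domain = addr.rpartition("@")[2].lower()
    if domain in PROTECTED_DOMAINS:
        return ("internal", domain)
    if domain in FREE_WEBMAIL:
        return ("free-webmail", domain)
    norm = normalize(domain)
    for good in PROTECTED_DOMAINS:
        # Exact match after normalization, or a near miss (typo, swapped TLD), is a lookalike.
        if norm == normalize(good) or levenshtein(norm, normalize(good)) <= max_distance:
            return ("lookalike", domain)
    return ("external", domain)

# Constructed sample headers for demonstration, not real messages.
SAMPLE_FROM_HEADERS = [
    "Jane Doe <jane.doe@examplecorp.com>",
    "Jane Doe <jane.doe@examp1ecorp.com>",
    "Accounts Payable <ap@exarnplecorp.com>",
    "CFO <cfo.examplecorp@gmail.com>",
    "Vendor <billing@supplier-invoices.net>",
]
```

Run classify_sender over SAMPLE_FROM_HEADERS (or your gateway's From: headers); keep max_distance small, because a larger threshold will flag many legitimate short domains.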

Organizations need to be ready for these attacks, as the use of free webmail accounts points to how easy it is for an individual to get into the cybercrime business. These bad guys need internal users to respond to emails in order to be successful. So, teaching users via Security Awareness Training can help them easily identify BEC scams and help to reduce the risk surface of the organization.

This article was originally posted on KnowBe4 and can be viewed here.
