Nine out of 10 Business Email Compromise (BEC) attacks take place on weekdays, and most of these emails are sent during business hours to make them more convincing to victims.
The average BEC attack, also called CEO fraud, is aimed at no more than six employees, while in almost all cases (94.5 per cent), a maximum of 25 people are targeted.
These are the findings of a new report, Spear Phishing: Top Threats and Trends Vol. 3 – Defending against business email compromise attacks, by US-based cyber security firm Barracuda. The report provides insight into BEC attacks and offers organizations practical tips on how to protect themselves against these highly targeted attacks.
The report reveals new details about BEC attacks including the latest methods used by cyber attackers.
Among other things, the report identifies how cyber criminals present themselves as colleagues, strategically choose their victims, and use social engineering tactics to obtain money or personal information.
85 per cent of BEC attacks are urgent requests designed to trick people into a fast and rash decision. According to the report, recipients often click the links in BEC emails: these attacks have a high click-through rate (CTR), 10 per cent on average. That number is three times as high for BEC attacks that mimic someone within your own organization.
“Attackers continue to find new ways to make business email compromise attacks more convincing, ultimately making them more costly and damaging to businesses,” said Don MacLennan, Senior Vice President, Email Protection, Engineering and Product Management, Barracuda.
“Taking the proper precautions and staying informed about the tactics cybercriminals are using will help organisations defend themselves more effectively against these highly targeted attacks,” MacLennan said.
According to the report, the average amount lost per organisation due to spear-phishing attacks in the past 12 months was $270,000.