Business e-mail compromise (BEC) attacks are on the rise, becoming one of the most popular social engineering techniques among cybercriminals, according to a report by cybersecurity firm Kaspersky.

Kaspersky experts are increasingly observing such attacks. In Q4 2021, Kaspersky products prevented over 8000 BEC attacks, with the highest number, 5037, occurring in October.

“BEC attacks are a type of fraud that involves impersonating a representative from a trusted business,” Kaspersky explained.

“Right now, we observe that BEC attacks become one of the most widespread social engineering techniques. The reason for that is pretty simple - scammers use such schemes because they work. While fewer people tend to fall for simple mass-scale fake emails now, fraudsters started to carefully harvest data about their victims and then use it to build trust. Some of these attacks are possible because cybercriminals can easily find names and job positions of employees as well as lists of contacts in open access. That is why we encourage users to be careful at work,” said Roman Dedenok, security expert at Kaspersky.

Throughout 2021, Kaspersky's researchers closely analysed the way fraudsters craft and spread fake emails. As a result, they found that the attacks tend to fall into two categories: large-scale and highly targeted.

“The former is called ‘BEC-as-a-Service’, whereby attacks simplify the mechanics behind the attack in order to reach as many victims as possible,” it explained.

Attackers send streamlined messages from free email accounts en masse hoping to snare as many victims as possible.

“Such messages often lack high levels of sophistication, but they are efficient,” it said.

In an example shared by Kaspersky, attackers impersonate a senior colleague and send an employee a fake email containing a vague message saying that there is a request to handle.

“A victim may be asked to urgently pay off some contract, settle some financial conflict, or share sensitive information with a third party. Any employee may potentially become a victim,” it explained.

Often, there are several noticeable red flags in such a message. 

While some criminals rely on simplified mass mailouts, others are engaging in more advanced, targeted BEC attacks.

“The process works as follows: attackers first attack an intermediary mailbox, gaining access to that account’s e-mail. Then, once they find a suitable correspondence in the compromised mailbox of the intermediary company (say, financial matters or technical issues related to work), they continue the correspondence with the targeted company, impersonating the intermediary company,” Kaspersky explained.

The goal, often, is to persuade the victim to transfer money or install malware.

The target is far more likely to fall victim to the scam since they are, in fact, engaging in the conversation referenced by the attackers.

“Such attacks have proven to be highly effective, and that’s why they’re not only used by small-time criminals looking to make a quick profit,” it said.

“Email remains the primary communication channel for most enterprises due to its widespread use. With no replacement on the horizon, it will remain so for years to come. But as remote working practices and cloud storage become the new norm, along with the growth of poor digital hygiene, we foresee the emergence of new scam methods leveraging these gaps in enterprise security,” said Oleg Gorobets, Senior Product Marketing Manager at Kaspersky.

Gorobets added, “With less control over endpoint security, IT/IT security admins tend to get stressed even if they receive a successful blocking message from EPP. A good example of this is email-borne threats reaching the endpoint level, which can occur when using bundled ‘good enough’ email security from a telco or cloud mail provider. Using a specialised security solution and a well-tested technology stack, backed with quality threat data and machine learning algorithms, can really make a difference.”
