hps://www.proofpoint.com/us/soluons/business-email-compromise hps://www.proofpoint.com/us/soluons/business-email-compromise Business Compromised 45% How BEC Attacks are Escalating and Who’s Being Targeted Business email compromise (BEC) is a $3.1 billion 1 problem that shows no signs of slowing. Typically, a BEC email purports to be from an executive, tricking the recipient into sending money or sensitive data. Proofpoint recently conducted extensive research into BEC attack attempts across more than 5,000 enterprise customers between July 2016 and December 2016, including U.S., Canadian, German, French, Australian, and UK organizations. These attacks don't involve malware, making them hard to detect with conventional security tools. Here’s what we found. BEC attacks jumped 45% between Q3 and Q4 of 2016 Email subject line families 75% of our customers around the world experienced at least one BEC attack attempt in the last quarter of 2016. 2/3 of all BEC attacks spoofed an email address so that fraudulent emails displayed the same domain as that of the company targeted in the attack. The recipient sees a familiar name and assumes it is safe to open. manufacturing technology retail Greeting 12% 911 Urgent 21% BLANK 9% REQUEST 21% Where are you? 2% “?” FYI 5% payment 30% Cyber criminals take advantage of these industries’ complex supply chains and SaaS infrastructures. We saw no correlation between the size of the company and BEC attack volume. A fewer percentage of attacks on larger companies succeed due to strong security, but those that do net a bigger payday. Smaller companies may be less lucrative, but they're easier targets. Companies of all sizes are prone to BEC attacks Manufacturing, retail and technology firms are targeted more often Cyber criminals are targeting victims deeper within organizations. Instead of sticking to traditional CEO-to-CFO attacks, they now also target accounts payable, human resources, and engineering. CEO impersonation continues in BEC attacks To learn more about BEC attacks and how to stop them, visit proofpoint.com/bec 1. FBI. "Business Email Compromise: The 3.1 Billion Dollar Scam." June 2016.

How BEC Attacks are Escalating · How BEC Attacks are Escalating and Who’s Being Targeted Business email compromise (BEC) is a $3.1 billion1 problem that shows no signs of slowing

Download PDF Report

Upload
others
View
3
Download
0

Embed Size (px)

Citation preview

Page 1: How BEC Attacks are Escalating · How BEC Attacks are Escalating and Who’s Being Targeted Business email compromise (BEC) is a $3.1 billion1 problem that shows no signs of slowing

https://www.proofpoint.com/us/solutions/business-email-compromise

Business Compromised

45%

How BEC Attacks are Escalating and Who’s Being TargetedBusiness email compromise (BEC) is a $3.1 billion1 problem that shows no signs of slowing. Typically, a BEC email purports to be from an executive, tricking the recipient into sending money or sensitive data.

Proofpoint recently conducted extensive research into BEC attack attempts across more than 5,000 enterprise customers between July 2016 and December 2016, including U.S., Canadian, German, French, Australian, and UK organizations. These attacks don't involve malware, making them hard to detect with conventional security tools.

Here’s what we found.

BEC attacks jumped 45%between Q3 and Q4 of 2016

Email subject line families

75% of our customers around the world experienced at least one BEC attack attempt in the last quarter of 2016.

2/3 of all BEC attacks spoofed an email address

so that fraudulent emails displayed the same domain as that of the company targeted in the attack. The recipient sees a familiar

name and assumes it is safe to open.

manufacturing technologyretail

Greeting

12%911

Urgent

21%

BLANK

REQUEST

21%

Where are you?

2%“?”

FYI

payment

30%

Cyber criminals take advantage of these industries’ complex supply chains and SaaS infrastructures.

We saw no correlation between the size of the company and BEC attack volume. A fewer percentage of attacks on larger companies succeed due to strong security, but those that do net a bigger payday. Smaller companies may be less lucrative, but they're easier targets.

Companies of all sizes are prone to BEC attacks

Manufacturing, retail and technology firms are targeted more often

Cyber criminals are targeting victims deeper within organizations. Instead of sticking to traditional CEO-to-CFO attacks, they now also target accounts payable, human resources, and engineering.

CEO impersonation continues in BEC attacks

To learn more about BEC attacks and how to stop them, visit proofpoint.com/bec

1. FBI. "Business Email Compromise: The 3.1 Billion Dollar Scam." June 2016.