In June of 2016, the FBI once again increased its estimate of exposed losses caused by business email compromise (BEC) attacks; this time to a staggering $3.1B worldwide. The rate at which losses have risen is also dramatic: 1,300% since January 2015, with victims in more than 100 different countries.For IT security teams, this issue is extremely high profile—it goes straight to the boardroom. Top executives are falling victim to scams and personally getting spoofed, leading to serious consequences for their companies and careers. Some are even losing their jobs.
What’s more, the FBI now believes the number of companies impacted by BEC, also referred to as impostor email, is well over 22,000, with attackers targeting companies all over the globe. Because imposter emails are highly targeted—focused on manipulating a specific executive to transfer money or reveal information—only a very low number are sent to any particular company for each attack. Therefore, attackers must target a very large number of companies while hoping to remain undetected. The result? It doesn’t matter where in the world you are; your customers’ executives are a potential target for this threat.
BEC scams can look and feel legitimate, requiring attackers to do a great deal of research to trick the right victim, at the right time. Analysis from Proofpoint, a next-generation cybersecurity company, reveals recent impostor email trends:
- The targets – 47% of impostor emails target the CFO. HR is the second at 25%.
- The topics – 30% of impostor emails request employee tax information. Wire transfer is next at 21%.
- The tactics – 75% of impostor emails spoof their reply-to address to fool victims.
For the full results, view Proofpoint's related infographic.
It goes without saying that the need to protect organizations both large and small from BEC threats has never been greater. Companies must use different techniques in technology, training and process to maximize the chances of evading these attacks. Awareness of the problem can lead to increased vigilance amongst executives. Education efforts can teach employees to look for common red flags, like language issues, unusual date formats or requests that bypass normal channels. And your customers should also consider using an email security solution that can dynamically identify impostor emails before delivery.
The impostor email classifier is an included feature of Proofpoint Essentials, the dedicated email security solution for SMEs available through Ingram Micro Cloud. Because BEC threats do not use malicious attachments or URLs, they require a different approach than used by standard anti-spam tools. Proofpoint Essentials dynamically analyzes the attributes of all email as it arrives and detects anomalies that point to an imposter. Dynamic classification offers increased security—without the management overhead increase. It protects your customers from imposter emails, phishing, malware, spam, and other dangerous content without requiring administrators to build and maintain lists of users, potential email content and other static items. This means your customers save critical protection time.
Business email compromise is a serious threat, but one that prepared companies can fight against. Want to help your customers protect against BEC/imposter email threats? Start selling Proofpoint Essentials through Ingram Micro Cloud today.
Learn more at https://www.ingrammicrocloud.com/.