How cyber criminals execute business email compromise attacks

Over 90 per cent of business email compromise (BEC) attacks take place on weekdays, with many being sent during typical business hours for the targeted organisation to make them more convincing, says a new study.

The research by US-based cyber security firm Barracuda Networks showed that 85 per cent of business email compromise attacks are urgent requests designed to get a fast response.

The average BEC attack targets no more than six employees, and 94.5 per cent of all attacks target less than 25 people, titled "Spear Phishing: Top Threats and Trends Vol. 3".

"Attackers continue to find new ways to make business email compromise attacks more convincing, ultimately making them more costly and damaging to businesses," Don MacLennan, Senior Vice President, Email Protection, Engineering and Product Management, Barracuda, said in a statement.

"Taking the proper precautions and staying informed about the tactics cybercriminals are using will help organisations defend themselves more effectively against these highly targeted attacks," MacLennan said.

The report noted that business email compromise makes up a small percentage of spear-phishing attacks, but it has cost businesses more than $26 billion in the past four years, according to the Federal Bureau of Investigation (FBI) in the US.

Business email compromise attacks have high click-thru rates. One in 10 spear-phishing emails successfully tricks a user into clicking. That number triples for BEC attacks that impersonate someone within the organisation.

In the past 12 months, the average amount lost per organisation due to spear-phishing attacks was $270,000, said the report.IANS