In 2019, Business Email Compromise (BEC) attacks – a long-standing cybersecurity threat – accounted for $1.7 billion in losses, with cybercriminals using new tactics and techniques to carry out existing attacks. As cybercrime spikes in the wake of COVID-19, BEC’s toll is expected to rise this year. The Federal Bureau of Investigation (FBI) recently issued a warning to businesses on the growing threat of BEC attacks using the pandemic as a backdrop for unusual requests like payments to a “new” vendor or a change of account information.
BEC encompasses a range of cyberattacks, including tax scams, email, website spoofing, and most commonly, spear phishing. Spear phishing attacks are highly-researched ploys targeting specific individuals within an organization, often using specific details such as names and titles to spoof legitimate senders and coerce their target into initiating a seemingly legitimate transaction. By posing as legitimate senders with a specific request, these attacks can be extremely effective in initiating wire transfers or gaining unauthorized access to sensitive data.