Trend Micro has reported that business email compromise (BEC) attacks are projected to exceed $9 billion in 2018. This is quite an increase when you consider that, less than a year ago, the FBI reported BEC attacks had become a $5.3 billion industry. Eyal Benishti, CEO and Founder at IRONSCALES, comments below.
Eyal Benishti, CEO and Founder at IRONSCALES:
“BEC attacks are proving lucrative and increasingly successful and there are no malicious attachments to strip, no links to analyse. It’s pure social engineering via email trying to redirect large sums of money.
“The problem is these spoofed messages are evading detection to arrive into employees’ inboxes. Raising employee awareness of phishing indicators so fewer are duped into falling for the scam in the first instance is a solid foundation, but alone is not enough. While training might help some to spot badly created communications, with attackers honing their craft it’s not always easy to determine fact from fiction. In addition, no matter how hard you train people, no one is perfect 100% of the time and expecting them to never fall victim is unfair, especially as these communications typically use emotive language that manipulates the user to act quickly, which could mean they are pressured into acting first then thinking later.
“Instead, organisations need to accept the risk exists and afford employees tools that will help them identify and therefore not fall for these false communications. Anti-impersonation technology and sender reputation scoring that can monitor communication habits, at the mailbox level, to build a picture of what a user and sender’s normal communications look like. Having established this baseline, anything that detracts is automatically identified and visually flagged as a malicious impersonation attempt. This sounds a warning bell to the user which might make the difference between them questioning the message’s intention or blindly transferring large sums of cash to criminals.”