News broke yesterday of the result of an Agari survey which suggest BEC scams (also known as CEO scams) are on the rise, and responsible for almost $5.3 billion in exposed losses between 2013 and 2016. Almost every company surveyed (96%) were targeted with BEC emails in the second half of 2017. Tim Helming, Director of Product Managementat DomainTools commented below.
Tim Helming, Director of Product Managementat DomainTools:
“Cybersecurity professionals will be unsurprised by the volume of BEC/CEO scams recorded by this survey, but it serves as a welcome reminder to make sure that regardless of whether an email appears to be internal or external, it can still be malicious. Cybercriminals are increasingly getting wise to the general public’s awareness regarding blanket phishing scams, and are taking the time to adjust their tactics accordingly- which the 5.3 billion in exposed losses suggests is working. The best advice we can provide is to double check all and any emails before acting upon any of the content, particularly regarding financial transfers or decisions. Carefully check the sender’s email address, and if something seems unusual in their writing style, email format or request, take note of it and seek confirmation from the internal party via phone, in person, or via a new email thread. It’s better to slow down a legitimate request than to comply with a fraudulent one.”
To provide the best experiences, we use technologies like cookies to store and/or access device information. Consenting to these technologies will allow us to process data such as browsing behavior or unique IDs on this site. Not consenting or withdrawing consent, may adversely affect certain features and functions.
Functional
Always active
The technical storage or access is strictly necessary for the legitimate purpose of enabling the use of a specific service explicitly requested by the subscriber or user, or for the sole purpose of carrying out the transmission of a communication over an electronic communications network.
Preferences
The technical storage or access is necessary for the legitimate purpose of storing preferences that are not requested by the subscriber or user.
Statistics
The technical storage or access that is used exclusively for statistical purposes.The technical storage or access that is used exclusively for anonymous statistical purposes. Without a subpoena, voluntary compliance on the part of your Internet Service Provider, or additional records from a third party, information stored or retrieved for this purpose alone cannot usually be used to identify you.
Marketing
The technical storage or access is required to create user profiles to send advertising, or to track the user on a website or across several websites for similar marketing purposes.