News broke yesterday of the result of an Agari survey which suggest BEC scams (also known as CEO scams) are on the rise, and responsible for almost $5.3 billion in exposed losses between 2013 and 2016. Almost every company surveyed (96%) were targeted with BEC emails in the second half of 2017. Tim Helming, Director of Product Management at DomainTools commented below.
Tim Helming, Director of Product Management at DomainTools:
“Cybersecurity professionals will be unsurprised by the volume of BEC/CEO scams recorded by this survey, but it serves as a welcome reminder to make sure that regardless of whether an email appears to be internal or external, it can still be malicious. Cybercriminals are increasingly getting wise to the general public’s awareness regarding blanket phishing scams, and are taking the time to adjust their tactics accordingly- which the 5.3 billion in exposed losses suggests is working. The best advice we can provide is to double check all and any emails before acting upon any of the content, particularly regarding financial transfers or decisions. Carefully check the sender’s email address, and if something seems unusual in their writing style, email format or request, take note of it and seek confirmation from the internal party via phone, in person, or via a new email thread. It’s better to slow down a legitimate request than to comply with a fraudulent one.”