Scammers Go Phishing: Business Email Compromise on the Rise

Email     |     Share  
1 | 2 | 3 | 4 | 5 | 6 | 7 | 8
Next Scammers Go Phishing: Business Email Compromise on the Rise-2 Next

Implement Email Threat Intelligence

Implement email threat intelligence to help identify attack employees most at risk.

Threat intelligence about spam and phishing, such as domains and IP addresses associated with attacks, helps to detect and deflect many spearphishing campaigns. It can also help organizations to identify individuals more likely to be targeted by scammers based on their role or the number of threats they experience. Armed with this information, organizations can help raise awareness by providing education and support to users who are most at risk.

Spammers are increasingly relying on high-targeted messages for financial gain, tricking businesses into either transferring funds or releasing sensitive information on employees. Since the beginning of the year, Cloudmark has seen a dramatic increase in text-only, email impersonation attacks known as Business Email Compromise (BEC).

The volume of BEC prompted the FBI to issue an alert on CEO spoofing spams cautioning businesses to be wary of e-mail only wire-transfer requests and requests involving urgency. According to Cloudmark's latest Quarterly Threat Report, losses from BEC wire-fraud attacks rose to an average of $104 million per month over the last 15 months.

Another BEC attack that gained traction this year is the W-2 scam, with more than 60 organizations falling prey to attacks targeting their employees' W-2s. Large and small companies in industries ranging from health care to higher education to technology to manufacturing have been fooled by attackers into leaking their employees' tax forms, with some attacks exposing the confidential information of tens of thousands of people.

How these attacks typically happen is that a member of the finance or human relations team will receive an email that appears to be from a high-ranking official, usually the CEO or CFO – with a straightforward request such as funds of W-2 data. However, they are really sending the funds or sensitive data to an outside official not connected with their organization. Due to the simplicity in executing these attacks, BEC spoofing attacks are one of the fastest growing forms of cyber fraud.

In this slideshow, Cloudmark has compiled tips for businesses and individuals on how to combat phishing attacks and prevent identity and tax fraud as financial losses.


Related Topics : Unisys, Stimulus Package, Security Breaches, Symantec, Electronic Surveillance

More Slideshows

Social14-190x128.jpg 10 Ways to Improve Your Social Media Security Policy and Posture

When phone calls, video conference information, pictures, chat logs, etc. are all stored in a central location via social media, a potential hacker has access to just about everything, quickly and easily. ...  More >>

Security120-290x195 5 DDoS Myths Debunked

Unearth the real story behind five commonly held myths about distributed denial-of-service attacks. ...  More >>

Security119-190x128 8 Tips for Ensuring Employee Security Compliance

IT security ultimately depends on making sure employees use the appropriate tools and comply with policies designed to protect them and their data/applications. ...  More >>

Subscribe to our Newsletters

Sign up now and get the best business technology insights direct to your inbox.