Spammers are increasingly relying on high-targeted messages for financial gain, tricking businesses into either transferring funds or releasing sensitive information on employees. Since the beginning of the year, Cloudmark has seen a dramatic increase in text-only, email impersonation attacks known as Business Email Compromise (BEC).
The volume of BEC prompted the FBI to issue an alert on CEO spoofing spams cautioning businesses to be wary of e-mail only wire-transfer requests and requests involving urgency. According to Cloudmark's latest Quarterly Threat Report, losses from BEC wire-fraud attacks rose to an average of $104 million per month over the last 15 months.
Another BEC attack that gained traction this year is the W-2 scam, with more than 60 organizations falling prey to attacks targeting their employees' W-2s. Large and small companies in industries ranging from health care to higher education to technology to manufacturing have been fooled by attackers into leaking their employees' tax forms, with some attacks exposing the confidential information of tens of thousands of people.
How these attacks typically happen is that a member of the finance or human relations team will receive an email that appears to be from a high-ranking official, usually the CEO or CFO – with a straightforward request such as funds of W-2 data. However, they are really sending the funds or sensitive data to an outside official not connected with their organization. Due to the simplicity in executing these attacks, BEC spoofing attacks are one of the fastest growing forms of cyber fraud.
In this slideshow, Cloudmark has compiled tips for businesses and individuals on how to combat phishing attacks and prevent identity and tax fraud as financial losses.
Here are the top 10 strategic technology trends that will impact most organizations in 2017. Strategic technology trends are defined as those with substantial disruptive potential or those reaching the tipping point over the next five years. ... More >>
Experience shows that organizations that manage GRC as an integrated program — involving people, processes and technologies — are more successful in delivering value to their organizations ... More >>
When phone calls, video conference information, pictures, chat logs, etc. are all stored in a central location via social media, a potential hacker has access to just about everything, quickly and easily. ... More >>