Barracuda research uncovers techniques cybercriminals are using to make business email compromise attacks more convincing
New report looks at why these low-volume attacks are so costly, and how to protect your business from these targeted threats
21 Nov, 2019, 09:03 ET
CAMPBELL, Calif., Nov. 21, 2019 /PRNewswire/ --
- Business email compromise makes up a small percentage of spear-phishing attacks, but it has cost businesses more than $26 billion in the past four years, according to the FBI
- Attackers try to mimic business behavior as much as possible, such as sending emails during regular business hours for the compromised account
- Business email compromise attacks are low in volume and highly targeted
Barracuda, a trusted partner and leading provider of cloud-enabled security solutions, today released a new report with key findings about business email compromise attacks. The latest report, titled Spear Phishing: Top Threats and Trends Vol. 3 - Defending against business email compromise attacks, reveals new details about these highly targeted threats, including the latest tactics used by cybercriminals and the steps you can take to help defend your business.
See the full report: www.barracuda.com/spear-phishing-report-3
The report takes a detailed look at how these crafty spear-phishing attacks use convincing impersonation, strategic targeting, careful timing, and social engineering to steal money or personally identifiable information. It also tackles how organizations can use advanced detection techniques, security awareness training, and other strategies and solutions to successfully prevent these costly and damaging attacks.
Fresh insights on targeted attacks
Barracuda's research reveals insights into how these targeted attacks are impacting businesses and the approaches cybercriminals are using to try to make them more persuasive.
- 91 percent of BEC attacks take place on weekdays, with many being sent during typical business hours for the targeted organization to make them more convincing.
- The average BEC attack targets no more than six employees, and 94.5 percent of all attacks target less than 25 people.
- 85 percent of business email compromise attacks are urgent requests designed to get a fast response.
- Business email compromise attacks have high click-thru rates. One in 10 spear-phishing emails successfully tricks a user into clicking. That number triples for emails that impersonate someone from HR or IT.
- In the past 12 months, the average amount lost per organization due to spear-phishing attacks was $270,000.
"Attackers continue to find new ways to make business email compromise attacks more convincing, ultimately making them more costly and damaging to businesses," said Don MacLennan, SVP, Email Protection, Engineering and Product Management, Barracuda. "Taking the proper precautions and staying informed about the tactics cybercriminals are using will help organizations defend themselves more effectively against these highly targeted attacks."
Get the full report: www.barracuda.com/spear-phishing-report-3
Read the blog post: http://cuda.co/38976
Get the first two volumes:
- Get Spear Phishing: Top Threats and Trends, Vol. 1 - Best Practices to Defeat Evolving Attacks
- Get Spear Phishing: Top Threats and Trends, Vol. 2 - Email account takeover and defending against lateral phishing attacks
At Barracuda, we strive to make the world a safer place. We believe every business deserves access to cloud-enabled, enterprise-grade security solutions that are easy to buy, deploy and use. We protect email, networks, data and applications with innovative solutions that grow and adapt with our customers' journey. More than 150,000 organizations worldwide trust Barracuda to protect them — in ways they may not even know they are at risk — so they can focus on taking their business to the next level. Get more information at barracuda.com.
Barracuda Networks, Barracuda and the Barracuda Networks logo are registered trademarks or trademarks of Barracuda Networks, Inc. in the U.S. and other countries.
Barracuda Networks, Inc.
SOURCE Barracuda Networks, Inc.
Share this article