August 31, 2018

Study: Most email cyberfraud attacks do not include phishing links

Business email compromise (BEC) attacks – one of the most prevalent types of cyberfraud – were analyzed recently by cybersecurity firm Barracuda. After reviewing 3,000 random BEC attacks from 50 companies, Barracuda found that 60 percent of them didn't include a phishing link – making these scams more difficult to detect and block.

BEC scams are used to gain access to a business email account and imitate the owner's identity in an effort to defraud a company. The data show that the most common BEC scam is trying to get the recipient to do a wire transfer to a bank account owned by the attacker.

Of these scams, 0.8 percent of the attackers asked the recipient to send them personally identifiable information (W2 forms with Social Security Numbers), 40 percent of attackers asked recipients to click a link and 12 percent of attackers tried to establish some rapport with the target by starting a conversation.

The fact that 60 percent of BEC scams do not involve a link makes these emails "especially difficult for existing email security systems, because they are often sent from legitimate email accounts, tailored to each recipient, and do not contain any suspicious links," Barracuda explained.

Also of note, about 43 percent of the attackers took on the false identity of the company's CEO or founder.

Barracuda also provides some tips to avoid becoming a victim of a BEC scam.