Business email compromise (BEC) scams target companies that make wire transfers or have foreign suppliers. BEC is a type of B2B scam in which a company executive, often the CEO, is impersonated. The impersonation is made possible by a phishing attack or keylogger that ultimately compromises an individual's email account. Once the fraudster can successfully impersonate a company executive in a financial role, or someone with similar access, the rest of the scam is a matter of social engineering: unsuspecting employees are tricked into completing a wire transfer or paying invoices from a supplier. Instead of going where it is supposed to, the money goes to the fraudster.
BEC scams, lately also called COVID-19-themed email security attacks, don't affect only lesser-known companies. Recently, Amazon was the victim of a $19 million BEC scam run by two brothers in New York State. The brothers tricked Amazon's vendor system into making payments for goods the company never purchased.
As more people are working from home, BEC scams have been on the rise. General BEC scams increased by 389 percent for U.S. businesses between Q1 and Q2, according to a recent Abnormal Security report.
There's been a 60 percent increase in ransomware payment signals, according to data from Coveware. This increase occurred over just three months, with an average payout of $178,254 for Q2 2020, compared to $111,605 in Q1, as reported in August by Security Boulevard. Companies that recently paid ransoms include Canon and Garmin.
Big companies aren't the only targets of BEC ransomware. With the surge in work-from-home, there's been a 41 percent increase in remote desktop protocol (RDP) sessions. These types of attacks are costly not only in direct payments but also in time. Downtime due to attacks has increased by 7 percent from Q1 2020. For many businesses, this means weeks of downtime.