This form of attack primarily targets the C-Suite in order to impersonate them.
Among BEC attacks, those that request wire transfers are almost devastatingly effective.
Asaf Cidon, the Vice President of Content Security at Barracuda Networks, explains why:
“Criminals use business email compromise attacks to obtain access to a business email account and imitate the owner’s identity, in order to defraud the company and its employees, customers, or partners. In most cases, scammers focus efforts on employees with access to company finances or payroll data and other personally identifiable information.”
The attack unfolds when the hacker, pretending to be a company CEO or other high-ranking official, requests immediate payment, usually via wire transfer.
Again, per Asaf Cidon:
“The sense of urgency, a request for action, or a financial implication used in BEC schemes tricks targets into falling for the trap. For example, an accountant may receive a fraudulent email request for a wire transfer from the company CEO, which includes a spoofed version of the CEO’s email address and even the CEO’s own email signature.”
According to a 2016 report published by Trend Micro, a successful BEC attack nets the hacker an average of $140,000. Given how easy (and how low-tech) these attacks are to pull off, don’t expect this type of attack to show any signs of decline in the foreseeable future.
What makes BEC attacks even more troublesome is that law enforcement officials believe few attacks of this type are ever reported, and that the losses to businesses could be up to four times the figure we cited earlier.
Worst of all, these types of attacks appear to be increasing in frequency. Unfortunately, C-Suite employees are notoriously resistant to basic security training, meaning that there are no easy solutions to this large and growing problem.