BEC Incidents Intent on Invoice or Payment Fraud Increase 155% Across All Industries

Business Email Compromise appears to be back in the saddle again, as attackers use simple social engineering and domain impersonation to trick victims into paying up.

While organizations were adjusting to working during COVID, ransomware seemed to be at the forefront of attacks. But new data from Abnormal Security’s Q3 Quarterly BEC Report shows that attacker interest in business email compromise has grown over the last quarter.

According to the report:

It’s evident that the cybercriminals behind these attacks think organizations are doing better financially, and have shifted their tactics to try to find an unwitting internal accomplice within the victim organization to assist with the fraudulent inquiries.

The rise in interest in invoice/payment fraud scams is likely due to its ease of execution. Take a look at the example below from the report:

By sending this to a group mailbox assigned to Accounts Payable, it’s far less necessary to appear credible to an individual, as it’s reasonable that not everyone in your AP department knows every one of their counterparts at a partner organization.

Throw in a dash of good old-fashioned domain impersonation to make the email appear real, and you can see how it would be easy to convince someone in AP to change the bank accounts used for payment.

Users within your AP department need to be instructed to use a verification protocol any time a request to change banking details is made. This should be done using a communications medium other than the one the request was made through, and should use known contact details rather than any provided within the request. Additionally, users involved with any form of managing the organization’s finances should be enrolled in Security Awareness Training to help increase their alertness when it comes to potentially harmful emails like this.
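As an added illustration (not taken from the report or from this article's author), the two signals described above, a sender domain that imitates a known vendor and a request to change payment details, can be flagged automatically for mail arriving at an AP mailbox. The vendor list, phrase pattern, distance threshold and sample message are assumptions constructed for this example.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumed allow-list of real vendor domains (constructed for this example).
KNOWN_VENDOR_DOMAINS = {"acme-supplies.com", "northwind-logistics.com"}
# Assumed phrases that signal a request to change payment details.
BANK_CHANGE = re.compile(r"(updated?|new|chang\w+)\s+(our\s+)?(bank\w*|account|"
                         r"remittance|payment)\s+(details|information|instructions)", re.I)

# Constructed sample message; note the extra "i" in the sender domain.
SAMPLE = ("From: Accounts <billing@acme-suppliies.com>\n"
          "To: ap@example.com\n"
          "Subject: Invoice 1042\n\n"
          "Please use our new bank details for all future invoices.")

def edit_distance(a, b):
    """Levenshtein distance between two strings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def lookalike_of(domain, max_distance=2):
    """Return the known vendor domain this one imitates, or None."""
    if domain in KNOWN_VENDOR_DOMAINS:
        return None  # exact match: a genuine vendor domain
    for known in sorted(KNOWN_VENDOR_DOMAINS):
        if edit_distance(domain, known) <= max_distance:
            return known
    return None

def triage(raw_message):
    """List the reasons a message needs out-of-band verification."""
    msg = message_from_string(raw_message)
    _, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    body = msg.get_payload()
    findings = []
    imitated = lookalike_of(domain)
    if imitated:
        findings.append(f"sender domain {domain} resembles {imitated}")
    if isinstance(body, str) and BANK_CHANGE.search(body):
        findings.append("requests a change to payment details")
    return findings
```

A message that returns any finding should be held until the vendor has confirmed the change through known contact details, as the verification protocol above requires.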

