In terms of making headlines, ransomware attacks and cyber extortion tend to make the biggest waves, but arguably the most common form of financially motivated cyber crime is business email compromise (BEC).
Cyber insurance firm Coalition recently held a security forum in Sydney, where Eden Winokur, head of the cyber team at law firm Hall & Wilcox, said that fully 40 per cent of all cyber security incidents his firm has dealt with over the last two years involved BEC, whereas only 22 per cent involved ransomware.
And according to new research from cyber security vendor Fortra, BEC attacks surged in April.
Fortra’s BEC Global Insights Report for the month revealed a worrying 151 per cent rise in BEC attacks month on month, with the most common method being advance-fee fraud, which accounted for 26.8 per cent of all cash-out methods.
The amount of money BEC attackers sought also rose in April, rising to US$60,723 compared to US$47,652 in March.
Poison Apple
Gift cards are a common vector exploited by BEC scammers, and in April, Apple Store gift cards were the card of choice. Of all gift card requests, 54.9 per cent were for Apple Store cards, with Amazon following at 26.4 per cent and Sephora at 7.7 per cent.
In this form of scam, an email may come from a superior asking an assistant to purchase several gift cards, commonly dozens at a time, to be sent out to clients or employees, possibly as a loyalty reward. The superior asks for the cards’ serial numbers right away, and then the value is cashed out by the scammer or used to purchase goods.
Cryptocurrency was also popular in April, with Fortra tracking 45 crypto-related scams linked to 32 unique bitcoin wallets. The amounts requested ranged from US$800 to an impressive US$2,766,345.32.
Wire transfer attacks in April rose as well, increasing by 262 per cent compared to March. The average amount requested also rose, from US$47,652 in March to US$60,723.
“Analysis of requested amounts showed that 14 per cent of wire transfer requests were under US$10,000, while 73 per cent fell between US$10,000 and US$50,000,” JT Newby, Fortra’s principal threat research lead, said in an 11 May blog post.
“Requests between US$50,000 and US$100,000 accounted for 8 per cent, and 5 per cent exceeded $100,000.”
Perhaps unsurprisingly, the African nation of Nigeria was the source of most BEC attacks. Thirty-six per cent of all BEC attempts originated in Nigeria; however, the United States ranked not far behind, accounting for 34 per cent of BEC attacks.
Want to see more stories from trusted news sources?Make Cyber Daily a preferred news source on Google.
David Hollingworth
David Hollingworth has been writing about technology for over 20 years, and has worked for a range of print and online titles in his career. He is enjoying getting to grips with cyber security, especially when it lets him talk about Lego.