Research by Barracuda Networks has identified nearly 6,170 malicious accounts that have been responsible for Business Email Compromise (BEC) attacks on nearly 6,600 organisations. In the research, the cloud-enabled security provider has highlighted over 1 lakh such attacks from malicious email accounts in 2020.
Malicious hackers register email accounts with legitimate services and then use these accounts to conduct impersonation and business email compromise attacks. The hackers temporarily abandon their accounts after the initial attacks and then reuse them after a long gap, the research says.
Initially, the scamsters impersonate an employee or trusted partner in an email attack to establish contact and trust. Because the scamsters expect a reply to their BEC attacks, these “attacks are usually attempted at a very low volume and are highly personalised to ensure a higher chance of a reply,” the report said.
According to the research, cybercriminals design BEC attacks to bypass email gateways. Business enterprises can detect BEC attacks by leveraging artificial intelligence to identify unusual senders, requests, and other communications. “Business enterprises can also train their employees to identify targeted phishing attacks by recognising the messages that come from outside of organisations and stay aware of the latest tactics used by cybercriminals,” it further added.