Email Account Takeover Leads to BEC & VEC

In our most recent report, we describe our observations about phishing, BEC, and malware attacks including:

  • Per capita, malicious inbox content has more than doubled within the past two years
  • Almost 80% of malicious inbox threats are phishing attacks 
  • Phishing attacks are a known origin of large breaches as well as ransomware attacks

The catch rate is crucial when it comes to account compromise attacks. Defeating these attacks ahead of time reduces their impact and cost, and keeps them from spreading through the enterprise.

What is Phishing?

Phishing has become an all-encompassing term for any malicious email content. However, the classic definition of phishing is an email that contains a URL to a web page designed to trick the user into exposing login or payment details. 

What is BEC?

Business Email Compromise (BEC) is an email designed to impersonate an individual and convince the recipient to take an action such as a fraudulent money transfer. BEC emails usually do not contain URLs (phishing) or attachments (malware). Vendor Email Compromise (VEC) is a term used to describe a BEC attack that impersonates a business partner or is sent from a compromised business partner email account.

What is Malware?

Malware is intrusive software designed to damage and potentially destroy computers or computer systems. Examples of different forms of malware include computer viruses, worms, Trojans, spyware, ransomware, and even adware.

Phishing, BEC, & Malware Tactics

Using Compromised Email Accounts

A highly effective social engineering tactic uses compromised accounts instead of botnets or email delivery services to send malicious messages. Email threats from compromised accounts are very difficult for secure email gateways and Microsoft 365 Defender to block because the messages are coming from trusted services (like Hotmail or Gmail), an authenticated sender, or the whitelisted domain of a business partner. One of the primary aims of malware and phishing campaigns is therefore to acquire enough compromised accounts to make BEC attacks much more convincing.

Targeted/Spear Phishing Attacks

Spear phishing is a targeted type of phishing attack that focuses on specific people or groups of people. In a spear phishing attack, a perpetrator typically deceives a target into clicking on a spoofed link in an email or another form of communication. In June 2022, for example, over 50% of all detected phishing and malware attacks were received by multiple users. That said, about 66% of these attacks were delivered to only 1-10 users, which suggests that the attacks were targeted. It also suggests that successful spear phishing attacks lead to BEC.

Detection Models to Protect from BEC Tactics

Real-Time and Continuous Analysis

Real-time and continuous analysis can help detect active inbox threats at the time of the initial inspection. Techniques include natural language processing (NLP), real-time content analysis, and user and entity behavior analytics, which identify malicious or suspicious message content as it enters the inbox.

Threat Intelligence

Threat intelligence works to detect threats that become active after the initial inspection. It also looks for anything missed by real-time analysis. It requires business owners to keep records of message metadata such as URLs, file attachment fingerprints, or sender addresses. These records are then continuously compared against a constantly evolving set of known malicious objects.
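
The retrospective comparison described above, as an added example that is not taken from the report or from any vendor product. The class and function names, the normalization rules, and the sample messages and feed entries are all constructed assumptions.

```python
import hashlib
from collections import defaultdict
from urllib.parse import urlsplit

def normalize(kind, value):
    """Canonical form so stored metadata and feed entries compare equal."""
    value = value.strip()
    if kind == "url":
        # Assumption: match on host + path only; scheme and query are ignored.
        parts = urlsplit(value if "://" in value else "http://" + value)
        return (parts.hostname or "").lower() + parts.path.rstrip("/")
    return value.lower()  # sender addresses and SHA-256 fingerprints

class MetadataIndex:
    """Keeps metadata of already-delivered messages, keyed by indicator."""
    def __init__(self):
        self._seen = defaultdict(set)  # (kind, value) -> {(mailbox, message_id)}

    def record(self, mailbox, message_id, sender, urls=(), attachments=()):
        where = (mailbox, message_id)
        self._seen[("sender", normalize("sender", sender))].add(where)
        for url in urls:
            self._seen[("url", normalize("url", url))].add(where)
        for blob in attachments:  # fingerprint = SHA-256 of the attachment bytes
            self._seen[("sha256", hashlib.sha256(blob).hexdigest())].add(where)

    def rescan(self, feed):
        """Return sorted (mailbox, message_id, kind, value) hits for a feed update."""
        hits = []
        for kind, value in feed:
            key = (kind, normalize(kind, value))
            hits.extend((mb, mid, *key) for mb, mid in self._seen.get(key, ()))
        return sorted(hits)

def demo():
    # Constructed sample data: three messages that passed the initial inspection.
    index = MetadataIndex()
    index.record("alice@corp.example", "m1", "billing@vendor.example",
                 urls=["https://Portal.Vendor.example/invoice/"])
    index.record("bob@corp.example", "m2", "hr@corp.example",
                 attachments=[b"constructed-attachment-bytes"])
    index.record("carol@corp.example", "m3", "news@list.example",
                 urls=["https://list.example/weekly"])
    # Constructed feed update that arrives after the messages were delivered.
    digest = hashlib.sha256(b"constructed-attachment-bytes").hexdigest()
    feed = [("url", "http://portal.vendor.example/invoice"),
            ("sha256", digest.upper()),
            ("sender", "unknown@elsewhere.example")]
    return index.rescan(feed)
```

Each hit names the mailbox and message to pull for remediation, even though the message looked clean when it was delivered.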

User-Reported Detection

User-reported detection is a more manual model which relies on end-users spotting suspicious messages and submitting them to security analysts who then investigate the messages. 

Final Thoughts

Threats are continuing to increase with a monthly average of 75 confirmed email threats per 100 mailboxes. That is a rate of 75%. Organizations with lower rates either don’t have a thorough breakdown of the problem or they just happen to be less of a target.

With threats such as ransomware, account takeovers, and vendor email compromise being “on trend,” data suggests that organizations can improve their ability to prevent those issues by optimizing the way they detect and contain evasive attacks. With Cyren Inbox Security, you can prevent and remediate these attacks.