• by Ray Schultz , January 31, 2018

Almost 100% of all companies received business email compromise (BEC) emails during the second half of 2017, according to the Business Email Compromise Attack Trends Report, a study by cybersecurity firm Agari.

Agari analyzed over 1 billion emails that were considered safe by conventional security solutions, and found that 95% of organizations were targeted, and that they experienced an average of 45 BEC attacks.

The solutions included Secure Email Gateways (SEG), Advanced Threat Protection (ATP) and Targeted Attack Protection (TAP), the company claims.

Conventional security tools are ineffective against BEC attacks because there are no malicious attachments or URLs to detect.  

Malware-free phishing is covered in today’s Email Insider. 

The  FBI reports that BEC attacks caused $5.3 billion in losses between 2013 and 2016, according to Agari.

BEC attacks can be fought using DMARC, Microsoft Office 365, Google G Suite and Agari’s own Advanced Display Name Protection, the firm says.  

“Business email compromise is a particularly effective attack vector because its lack of payload makes it nearly impossible for conventional email security solutions to detect and prevent,” states Markus Jakobsson, chief scientist, Agari.

He adds, “At its core, business email compromise is a social engineering attack that leverages familiarity, authority and trust, which can result in billions of dollars of losses to businesses.”