U.S. Firms Most Likely To Suffer Email Fraud Attacks: Study

A shocking 88% of companies worldwide were hit by email fraud attacks in fourth-quarter 2017, and 75% suffered at least one attempt in the last two years, according to Understanding Email Fraud, a study released on Tuesday by Proofpoint. And U.S. firms were at the top of the global list.

Of the worldwide victims, 55.7% experienced business disruption, with 63% reporting this within the finance sector. A third sent money and half lost sensitive data.

Moreover, 77% expect to fall victim to a business email compromise (BEC) attack within the next 12 months.

Yet many firms lack an effective email fraud defense. They blame lack of technical understanding (41%), lack of budget (36%) and the technical complexity of the company’s email ecosystem. Another 30% cite lack of executive support. 

Proofpoint surveyed companies with 200 or more employees. Except for Australia, where 250 people participated, roughly 500 respondents took part in each country. 

Firms in the USA were most likely to be hit by scam emails multiple times, followed by Australia, France and the UK. At 61%, they were also most likely to suffer business disruption, with UK firms a close second. Germany was last, with 49% saying so.

U.S. companies were also most likely to lose sensitive data — almost 60%. Respondents in other countries were much less likely.

Employees were fired for these lapses in a fourth of the cases, with U.S. companies most likely to take that action. France was least likely because of its employment laws.

Companies are most fearful of their financial team receiving false emails, with 62% in the U.S. saying so and 57% in the UK. Next is accounts payable. The C-suite is third, cited by 44% in the U.S. and 30% in the UK. The general workforce is seen as being the least at risk. 

Of the organizations surveyed, 82% see fraud as a board-level issue, led by the U.S. with 91%. In contrast, 76.8% say so in Germany and 74.6% in France. In addition, 59% consider it a top security risk, not just an IT issue.  

Yet 62% admit that have no financial controls in place to head off wire transfer fraud. And only 46% deployed email encryption. At the same time, 23% have purchased insurance to cover email fraud risks. 

“Email fraud is highly pervasive and deceptively simple; hackers don’t need to include attachments or URLs, emails are distributed in fewer volumes, and typically impersonate people in authority for maximum impact,” states Robert Holmes, vice president of email security products for Proofpoint.

He adds: “These and other factors make email fraud, also known as business email compromise (BEC), extremely difficult to detect and stop with traditional security tools.” 

 

Next story loading loading..