Wire transfer emails are the most common Business Email Compromise (BEC) attacks, according to a report from Barracuda.
These schemes account for 46.9% of all BEC scams. For instance, one has the subject line “Vendor payment” and says: "Hey Joe, I need to send a wire transfer ASAP to a vendor."
Another 40.1% fall into the click malicious link category. These might say: “I tried to reach you by phone today, but I couldn’t get through. Please get back to me with the status of the invoice below.”
In addition, 12.2% are designed to establish rapport. A sample subject line: “At desk?” Then it would say, “Joe, are you available for something urgent?”
Also, 12.2% seek to steal information. Finally, 0.8% of the attacks ask the recipient to send the attacker personal identifiable information (PII), typically in the form of W2 forms that contain social security numbers.
Of the personalities impersonated, 42.9% are CEOs, and 2.2% CFOs.
However, only 2.2% of the BEC recipients are CEOs, and 16.9% are CFOs.
Barracuda also reports that 4.5% of those impersonated parties are C-level executives. And 48.1% fall into the “Other” category.
Barracuda reviewed 3,000 BEC attacks that went through its Sentinel system.