• by Ray Schultz , November 22, 2019

Business email compromise (BEC) attacks draw an average 10% click-through rate, according to the latest volume of Barracuda’s Spear Phishing: Top Threats and Trends.

Most email marketers would be happy with that CTR. Andthat number triples for emails that impersonate an HR or IT person.

There are serious consequences: The average amount lost to each victim firm in the last 12 months was $270,000.

Moreover, BEC scams have cost businesses over $26 billion in the last four years, according to the FBI, the study notes.

While a minority of spear-phishing attacks, BEC scams are effective because of their targeting, Barracuda writes.

The report also found that 91% of BEC attacks occur on weekdays, and many are sent during business hours for the targeted company.

The average BEC attack targets six employees; indeed, 94.5% are aimed at less than 25 people. 

"Attackers continue to find new ways to make business email compromise attacks more convincing, ultimately making them more costly and damaging to businesses," states Don MacLennan, SVP, email protection, engineering and product management, Barracuda. 

MacLennan adds, "Taking the proper precautions and staying informed about the tactics cybercriminals are using will help organizations defend themselves more effectively against these highly targeted attacks."