Cyber criminals took a much-needed break during the 2019 Christmas season.
Business Email Compromise (BEC) attacks fell by 63% in the last two weeks of December after peaking in the week prior to Christmas, according to Agari’s Q1 2020 fraud update.
This proves that these criminal organizations operate like legitimate businesses: they form mentor relationships, and buy the same email lists and tools that other companies use, Agari says.
They also observe the down time enjoyed by their employees and intended victims — offices are largely empty during the last week of the year.
During the holiday, 62% of the BEC attacks were gift card requests, 22% were direct transfers and 16% were payroll diversions.
Individual impersonation attacks made up 32% of the total attacks between of October and December -- up from 12% in second-quarter 2019 -- and they now have parity with brand impersonations, Agari reports.
The reason is that recipients trust the sender name displayed in the email, which Agari attributes to human nature.
Fortune 500 companies have a cavalier attitude about it all -- 85% are vulnerable, Agari claims.
“People tend to snicker when they hear about email scams, because they immediately think of the old Prince of Nigeria schemes,” states Patrick R. Peterson, founder and CEO of Agari.
But these schemes “have matured into sophisticated, socially engineered attacks that equate to billions of dollars in reported fraud loss,” Peterson adds.
Email is the delivery vehicle for most attacks.
Agari urges companies to automate their fraud detection processes and to utilize DMARC (Domain Message Authentication Reporting and Conformance), the standard security protocol.