BEC campaign attack volume increases 15% in Q3, 2020; invoice and payment fraud attacks rise 155% quarter-over-quarter, partially fueled by pandemic
Business Email Compromise (BEC) campaign volume increased 15% quarter-over-quarter, driven by an explosion in invoice and payment fraud, according to Abnormal Security’s Quarterly BEC Report for Q3, 2020. The report analyzes BEC attacks tracked by Abnormal Security from July-September 2020.
“As the industry’s only measure of BEC attack volume by industry, our quarterly BEC research is important for CISOs to prepare and stay ahead of attackers,” said Evan Reiser, CEO of Abnormal Security. “Not only are BEC campaigns continuing to increase overall, they are rising in 75% of industries that we track. Since these attacks are targeted and sophisticated, these increases could indicate an ability for threat actors to scale that may overwhelm some businesses.”
For this research, Abnormal Security tracked BEC campaigns across eight major industries, including Retail/Consumer Goods & Manufacturing, Technology, Energy/Infrastructure, Services, Medical, Media/TV, Finance and Hospitality. During Q3, Abnormal found that BEC campaign volume increased in six out of eight industries, with Energy/Infrastructure seeing the highest jump of 93% from Q2 to Q3. Retail/Consumer Goods & Manufacturing, Technology and Media received the highest volume of attacks during the quarter.
Among the numerous categories of attacks that Abnormal Security prevents for its Fortune 500 clients, it uniquely stops two types of BEC attacks: social engineering BEC, whose goal is to impersonate internal employees and VIPs or external partners, and invoice and payment fraud BEC, whose goal is to steal money from companies. During Q3, attackers continued to focus primarily on invoice and payment fraud, which increased 155% from Q2 to Q3. This trend was particularly notable in Retail/Consumer Goods & Manufacturing.
Threat actors continue to aim invoice and payment fraud BEC attacks at finance departments; these attacks increased by 54% on average per week from Q2 to Q3. In addition, attackers shifted tactics by increasing email attacks to group mailboxes by 212%.
Additional findings from Abnormal’s Q3 BEC research include:
- While COVID-19-related credential-phishing attacks decreased by 82%, invoice and payment fraud that continues to leverage the fear, uncertainty and doubt of the pandemic increased by 81%.
- The most impersonated brands returned to the pre-pandemic “normal,” as Zoom dropped away from the top spot, replaced by DHL and followed by Dropbox and Amazon. Rounding out the top five were iCloud and LinkedIn.