Microsoft: Your business really needs to step up its email protection, and here’s why
Business Email Compromise attacks are rising, Microsoft says
When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.
Microsofthas releasednew findings claiming email-borne attacks are growing not just more destructive, but also harder to detect.
As seen in the company’s Cyber Signalsreport, the number of businessemailcompromise (BEC) attacks that companies face on a daily basis has hit 156,000, representing a 38% increase compared to 2019.
During a BEC attack, a threat actor will try to impersonate a high-ranking officer within an organization (for example, a chief finance officer or similar), and will try to use their authority to get an employee (for example, someone in the finance department) to transfer funds quickly and silently. Oftentimes, the “CFO” will say the company is finalizing a buyout of a competitor, a process that needs to be kept under wraps, and will ask the employee to transfer the funds “urgently”.
Millions in losses
The results are devastating, with businesses losing millions of dollars on fraudulent transactions. Microsoft cited the UK government’s recent Cost of Cyber Crime Report, which stated that these attacks cost the country’s economy roughly £27bn every year. The National Fraud Intelligence Bureau (NFIB) received more than 40,000 reports from victim organizations between April 2022 and 2023. Thes companies seem to have lost more than £2.2bn in that timeframe.
Furthermore, the effects of the incident can be felt in the months and years to come, through identity theft and data leaks.
What is phishing and how dangerous is it?>Everything you need to know about phishing>Here’s our list of the best endpoint protection services around
BEC has gotten more popular lately, prompting some cybercriminals to facilitate the practice through different services. Some cybercrime-as-a-service (CaaS) operators can provide credentials and the IP address of victims, allowing threat actors to easily launch Business Email Compromise (BEC) campaigns that are more difficult to detect and disrupt.
Through CaaS, malicious actors can buy entire business packages on the dark web, which provide them with everything they need to launch a successfull attack, the company concluded.
Are you a pro? Subscribe to our newsletter
Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!
“BEC attacks offer a great example of why cyber risk needs to be addressed in a cross-functional way with IT, compliance, and cyber risk officers at the table alongside executives and leaders, finance employees, human resource managers, and others with access to employee records like social security numbers, tax statements, contact information, and schedules,” noted Vasu Jakkal, Microsoft Corporate Vice President, Security, Compliance, Identity, and Management.
Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.
This new phishing strategy utilizes GitHub comments to distribute malware
Should your VPN always be on?
Phishing attacks surge in 2024 as cybercriminals adopt AI tools and multi-channel tactics
