Research says cybercriminals are targeting accounts payable departments.
According to the latest report from Abnormal Security, there has been an increase on Business Email Compromise (BEC) attacks that are targeting accounts payable departments. The report says there is a 28% increase in the volume as well as the frequency of BEC attacks in Q4 of 2019, and a 17% increase in large campaigns aimed at 10 or more recipients. At the same time, a decrease by 37% was witnessed in individual BEC attacks targeted at the C-suite.
They are also trying to establish trust via email exchanges before launching an attack. Cybercriminals are impersonating vendors by folding into the natural workflow. BEC attackers maintain a targeted approach, but strategically group victims to gain social validity and increase the chances of engagement. These criminals do not instantly go for the money, but instead, work engages engaging with the victim and gain trust by asking for a small piece of information that appears like a legitimate request.
The report notes that the BEC attackers have stopped targeting the large C-suite players owing to extensive media coverage. Cybercriminals are taking advantage of the current pandemic, riots, and general social unrest to target their victim. Hackers have always considered BEC attacks as one of the top-most ways to remain profitable. Earlier in February, the FBI reported that BECs accounted for roughly half of the $3.5 billion in cybercrime losses in 2019.
In order to combat BEC attacks, organizations need to conduct education and awareness
campaigns among their employees. Training staff to recognize the signs of a scam can go a long way toward reducing the risk of compromise and preventing fraud. The finance department that is responsible for accounts payable section should double-check invoices and validate if they are legitimate. Also, C-suite executives need to empower employees and ensure they feel comfortable asking about additional details of vendors.