14th Oct 2018
The Next (ramped up) Generation of Phishing
Beware and be on guard. From JLT:
“Phishing, as a means for cyber criminals to use email to access an organisation, has been around for a long, long time. So long, in fact, that there is now spear phishing (targeting an individual), whaling (targeting the CEO and other CxOs) and minnowing (going after those lower down in the organisation who have access to critical information). The next generation of phishing is called BEC or Business Email Compromise and it is having a bigger impact on companies than ransomware.
BEC is when cyber-criminals use email spoofing to quickly defraud a business out of substantial sums of money. In a survey on Internet Crime published by the FBI in 2017, BEC topped the list for business losses and was in the top 10 for the number of affected victims. You are nine times more likely to be targeted by BEC than ransomware, and financial losses from BEC are 290 times higher than those from ransomware.
The premise is simple: an email is sent to someone in the organisation with, for example, a request to pay an invoice or to change some account details. The sender appears to be ‘the boss’ and the recipient is someone who deals with paying invoices, i.e. someone in the finance team. Human nature inclines you to trust the sender because of the name and this is why BEC has become so successful.”
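The pattern the quoted passage describes, a familiar name on the From line combined with a payment request, can be screened for before the message reaches the finance team. The sketch below is an added example and not part of the JLT text; the executive roster, keyword list, domains and sample messages are constructed assumptions.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed assumptions: executive roster and keyword list.
EXECUTIVES = {"jane doe": "jane.doe@example.com"}
PAYMENT_WORDS = ("invoice", "payment", "account details", "bank details")

def _domain(addr):
    return addr.rpartition("@")[2].lower()

def bec_indicators(raw):
    """Return the reasons a message resembles boss impersonation."""
    msg = message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    reasons = []
    # A trusted display name on an address that is not that person's.
    known = EXECUTIVES.get(" ".join(name.lower().split()))
    if known and addr.lower() != known:
        reasons.append("display-name-mismatch")
    # Replies silently routed to a different domain than the sender's.
    _, reply_to = parseaddr(msg.get("Reply-To", ""))
    if reply_to and _domain(reply_to) != _domain(addr):
        reasons.append("reply-to-diverges")
    # The request itself: pay an invoice or change account details.
    text = (msg.get("Subject", "") + " " + msg.get_payload()).lower()
    if any(word in text for word in PAYMENT_WORDS):
        reasons.append("payment-request")
    return reasons

def should_hold(raw):
    """Hold for out-of-band verification: payment request plus sender anomaly."""
    reasons = bec_indicators(raw)
    return "payment-request" in reasons and len(reasons) > 1

# Constructed sample messages (not real mail).
SPOOFED = (
    "From: Jane Doe <jane.doe@examp1e-mail.test>\n"
    "Reply-To: accounts@payments.test\n"
    "To: finance@example.com\n"
    "Subject: Urgent invoice\n\n"
    "Please pay the attached invoice today.\n"
)
LEGIT = (
    "From: Jane Doe <jane.doe@example.com>\n"
    "To: finance@example.com\n"
    "Subject: Team lunch\n\n"
    "Lunch is on Friday.\n"
)

if __name__ == "__main__":
    for label, raw in (("spoofed", SPOOFED), ("legit", LEGIT)):
        print(label, bec_indicators(raw), "hold" if should_hold(raw) else "deliver")
```

A held message is a prompt to confirm the request with the named sender through a separate channel, not a verdict that it is fraudulent.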