A recently published report outlines the top trends in business email compromise (BEC) attacks for 2023. In the first quarter of the year alone, there was a 25% increase in unique attacks compared to the last quarter of 2022.
Researchers note the top ways attackers attempt to dupe users:
- Payroll Diversion: Users may be asked to change bank account, payroll, or other sensitive information like direct deposits
- Request for Contact: Attackers will ask for the recipient’s phone number or email address
- Task: A potential victim is asked for assistance with urgent tasks or favors
- Availability: A short email wanting to know availability of someone at their desk or in the office
- Invoice Transaction: Fraudulent emails with fake overdue invoice statements
- Gift Purchase: Asking the recipient to buy a gift card, to surprise other employees with a gift
- Wire Transfer: Requesting a certain amount of money to be wire transferred
- Request for Document: Attacker wants the user to provide a copy of an aging report, w2, vendor list, or other
Security awareness and security awareness training should always remain top priorities to stay safe against attacks like these. To learn more about training, and the additional two trends noted by KnowBe4, visit here for more information.