The stats are in, and they are alarming!
Business Email Compromise (BEC) attacks are up 81% in 2022!
Small and medium businesses (SMBs) often tell us that they don’t need to worry about cyber security because they’re not worth an attacker’s effort. Unfortunately, that’s incorrect. There was a 145% increase in these malicious emails targeting SMBs. Your money is as good as the next person’s!
The news only gets worse. Not only is there this huge increase in the number of emails, but the open rates were staggeringly high. 28% of the emails were opened with 15% replying – more than 1 in 4 people opened the emails and more than 1 in 8 people replied!
Of those that replied, the number of entry-level staff that fall victim gives pause for thought. 78% of entry-level staff opened the email and replied.
The techniques these people use are straightforward.
Firstly, their emails look plausible. The language in some of the emails is perfect, and if they use AI tools, they can even masquerade as someone you know and adopt the tone of that person.
Next, they tend to add urgency to the message. They want to make it impractical for you to double-check.
Sometimes the email aims to quickly trick the recipient into handing over something, typically money or a simple financial instrument; other times it aims to gain access to protected systems. Recently we have seen examples where the goal is just to establish a relationship and build trust that they will exploit later.
These emails are incredibly hard to stop.
They might not contain a virus or malware themselves, but instead they might direct you to an infected website. The content can be clever, making it hard to block them without also blocking legitimate email.
That is why the new Kinetics KARE plans talk to a range of risk minimisation solutions, from phishing tests to web browser protection, and from education to anomalous behaviour detection.
Multi-factor authentication (MFA) reduces your risks immensely, but none of these are a silver bullet. There is no one solution that will protect you, so we offer layers of protection, bringing tools and protections that seemed excessive just a year ago but now form the basis of good practice.
Sources:
https://www.infosecurity-magazine.com/news/bec-attacks-surge-81-in-2022/
https://abnormalsecurity.com/resources/h1-2023-report-employee-open-rates