A new report from Barracuda, a provider of cloud-enabled security solutions, has revealed that Business Email Compromise attacks made up 12% of all spear-phishing attacks throughout 2020, a huge increase from just 7% in the year before.
This key finding was just one of many insights in the new report, titled “Spear Phishing: Top Threats and Trends Vol. 5 – Best practices to defend against evolving attacks”, which takes an in-depth look at how attackers are quickly adapting to current events and using new tricks to successfully execute attacks, including spear phishing, business email compromise, pandemic-related scams, and other types.
The report revealed that 72% of Covid-19-related attacks are scamming attacks, compared with 36% of attacks overall. Attackers prefer to use Covid-19 in their less targeted scamming attacks that focus on fake cures and donations.
Furthermore, 13% of all spear-phishing attacks come from internally compromised accounts, so organisations need to invest in protecting their internal email traffic as much as they do in protecting against external senders.
Interestingly, 71% of spear-phishing attacks include malicious URLs, but only 30% of BEC attacks include a link. Hackers using BEC want to establish trust with their victim and expect a reply to their email, and the lack of a URL makes the attack harder to detect.
“Cybercriminals adapt very quickly when they find a new tactic or current event that they can exploit, as their response to the Covid-19 pandemic proved only too well,” said Don MacLennan, SVP, Engineering & Product Management, Email Protection, Barracuda. “Staying aware of the way spear-phishing tactics are evolving will help organizations take the proper precautions to defend against these highly targeted attacks and avoid falling victim to scammers’ latest tricks.”