Business email compromise (BEC) attacks have risen sharply over the past year thanks to the use of AI tools to generate scam messages, according to a new study from Vipre Security Group.
The threat intelligence provider’s Email Threat Trends Report: Q2 2024 is based on proprietary intelligence from the firm.
The vendor processed 1.8 billion emails globally, detecting 226 million spam messages and nearly 17 million malicious URLs during the period.
It claimed that nearly half (49%) of these blocked spam emails were BEC attacks, with the CEO, followed by HR and IT, the most common targets. In total, Vipre recorded a 20% increase in BEC attacks in Q2 versus the same period in 2023.
Two-fifths (40%) of those BEC attacks were generated by AI, the firm claimed. Usman Choudhary, Vipre’s CTO, warned that BEC volumes could grow exponentially as AI technology matures and is used by more threat actors.
“Malefactors are now leveraging sophisticated AI algorithms to craft compelling phishing emails, mimicking the tone and style of legitimate communications,” he added.
“The next wave of BEC attacks could see attackers using AI to dynamically analyze and exploit real-time information, creating tailored and contextually accurate scams nearly indistinguishable from genuine correspondence. Enterprises must stay ahead by adopting robust AI-driven defenses and continuously educating their workforce on emerging threats.”
Read more on BEC: BEC Attacks Surge 81% in 2022
BEC was the second highest grossing cybercrime type in 2022, amassing over 2.9 billion for threat actors, according to the FBI.
The manufacturing sector bore the brunt (25%) of email attacks in the quarter, followed by retail (20%) and real estate (11%). The Vipre report claims threat actors are targeting what they perceive to be sectors that have under-invested in advanced cybersecurity measures.
Q2 2024 saw twice as many evasive malicious attachments compared to the previous year, while 17 million malicious URLs were identified, a 74% increase from the previous year.