Over 400 companies are targeted by so-called Business Email Compromise (BEC) scams every day, with at least two employees per business hit with an email, according to new data from Symantec highlighting a worrying rise in such threats.
BEC, also known as CEO-fraud or whaling, is a pretty low-tech scam in which a member of the finance team is usually targeted with an email spoofed to come from the CEO or CFO and requesting the transfer of corporate funds into a third party account.
In June the FBI warned that since January 2015, there has been a 1300% increase in identified exposed losses, with the total figure since October 2013 – including US and non-US victims – now standing at over $3 billion.
Interestingly, according to Symantec nearly 40% of victims are SMEs, with the next biggest target the financial sector (14%).
The security giant claimed that BEC is actually an evolution of the infamous Nigerian 419 scam, with nearly half (46%) of the IP addresses linked to such attacks located in the African nation.
This makes Nigeria the most prolific country when it comes to whaling, followed by the US (27%) and UK (15%), with the caveat that some of the scammers may have hidden their true location.
Still, one group whose activity centers around Nigeria is responsible for a massive 12% of all BEC email traffic recorded by Symantec, having targeted over 2,700 organizations over the past two months alone.
For IT managers looking to improve user education, it should be noted that the most popular subject line in such scam emails is “Request” (25%). Subject lines in these emails tend to be simple and innocuous in order to fly under the radar and appear convincing.
Symantec urged organizations to ensure staff question any emails requesting actions which deviate from standard procedure.
It added that staff should be trained not to reply to any suspicious email but instead to look up the sender's address in the corporate address book and question them about the message through that channel. Two-factor authentication for wire transfers will also help to reduce the risk, Symantec claimed.
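The advice above (check the sender against the corporate address book, treat generic "Request" subjects with suspicion) can be turned into a simple triage check. The following is an added example, not code from Symantec or from the article; the executive directory, domain and sample messages are constructed for illustration. It goes slightly beyond the text by also flagging a Reply-To address that differs from the From address, a common sign that replies are being diverted away from the impersonated person's real mailbox.

```python
import email
from email import policy
from email.utils import parseaddr

# Constructed corporate directory (hypothetical names and domain).
# The display names are the ones a BEC mail would borrow.
EXECUTIVES = {
    "Jane Doe": "jane.doe@example.com",  # CEO
    "John Roe": "john.roe@example.com",  # CFO
}

# Generic subject lines; "Request" is the one the article reports as most common.
GENERIC_SUBJECTS = {"request", "urgent request", "payment request"}

# Constructed sample messages (not real captured mail).
SPOOFED_MSG = """From: Jane Doe <ceo.janedoe@freemail.example>
Reply-To: Jane Doe <jd.personal@freemail.example>
To: accounts@example.com
Subject: Request

Can you process an urgent wire transfer today? I'm in meetings, just reply by email.
"""

LEGIT_MSG = """From: Jane Doe <jane.doe@example.com>
To: accounts@example.com
Subject: Q3 budget review

Please send the updated budget deck before Friday.
"""


def bec_indicators(raw_message):
    """Return a list of indicator strings for a raw RFC 5322 message.

    An empty list means none of the checks fired. The checks are weak
    signals for a reviewer, not a verdict on their own.
    """
    msg = email.message_from_string(raw_message, policy=policy.default)
    indicators = []

    display, from_addr = parseaddr(str(msg.get("From", "")))
    from_addr = from_addr.lower()

    # 1. Executive display name paired with an address that is not the
    #    one in the corporate directory (the article's address-book check).
    expected = EXECUTIVES.get(display.strip())
    if expected and from_addr != expected.lower():
        indicators.append(
            f"display name '{display}' does not match directory address {expected}"
        )

    # 2. Reply-To diverts replies away from the From address.
    _, reply_to = parseaddr(str(msg.get("Reply-To", "")))
    if reply_to and reply_to.lower() != from_addr:
        indicators.append(f"Reply-To {reply_to} differs from From {from_addr}")

    # 3. Generic, innocuous subject line of the kind the article describes.
    subject = str(msg.get("Subject", "")).strip().lower()
    if subject in GENERIC_SUBJECTS:
        indicators.append(f"generic subject '{subject}'")

    return indicators


if __name__ == "__main__":
    for label, sample in (("spoofed", SPOOFED_MSG), ("legitimate", LEGIT_MSG)):
        hits = bec_indicators(sample)
        print(f"{label}: {len(hits)} indicator(s)")
        for hit in hits:
            print("  -", hit)
```

In practice the directory lookup would be fed from the real address book or identity provider, and a non-empty indicator list would route the message to a human reviewer rather than block it outright, since a genuine executive mailing from a personal account will also trip the first check.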