Most BEC Attacks Come from a Small Pool of Malicious Accounts, Study Finds

Business email compromise (BEC) attacks tend to arrive from similar sources, affecting different companies. Barracuda's latest report reveals that 45 percent of all BEC attacks detected since April 1 come from malicious accounts. 

Companies have to look out for BEC attacks just as they do for other threats such as spam and malware. And just like those security problems, BEC takes many forms. The most direct way involves using malicious accounts, but more complex approaches include phone calls and social engineering. 

Unlike other attacks via email, like spam, BEC attacks have different goals. A spam email carrying malware could infect the network, leading to deployed ransomware or data leaks. A BEC attack usually is a lot less sophisticated and often targets people in charge of payments in an organization. The goal is simple: trick people into sending money to a bank account that belongs to the attacker. 

While it's tempting to believe that each attack targets a specific company, bad actors use the same accounts to target multiple organizations simultaneously. It works just like spam campaigns, ensuring that someone, somewhere, will make a mistake. 

"Since the beginning of 2020, researchers at Barracuda have identified 6,170 malicious accounts that use Gmail, AOL, and other email services and were responsible for more than 100,000 BEC attacks on nearly 6,600 organizations," says Barracuda. "In fact, since April 1, malicious accounts have been behind 45 percent of the BEC attacks detected." 

The most used email service for BEC attacks is Gmail. The reason is straightforward - it's easy to make an account and the service has a good reputation, so it usually slips past company defenses. 

Some malicious accounts are active only for a couple of days, while others stay active for up to a year. Some attacks target specific companies, but criminals use the same email accounts to attack different organizations. 

"The number of organizations attacked by each malicious account ranged from one to a single mass scale attack that impacted 256 organizations — 4 percent of all the organizations included in this research," the study also revealed. 

The best way to stay safe against BEC attacks is to train the employees to recognize them. Also, it pays to have a robust security solution to cover the employee's endpoints.