Report: Business email cons rampant

Security firm Trend Micro is drawing attention to a scam that normally does not get a lot of attention in its new security report for the first half of 2016.

In addition to headline-grabbing types of attacks, including the point of sale hacking that has plagued businesses like Wendy’s, and the continuing rise of massive data breaches, the firm is including a type of attack that does not involve malware or stolen passwords to its roundup of security threats.

Business email compromise (BEC), in which an attacker uses email to convince a victim to wire them money or send them goods, has caused over $3 billion in damage worldwide and hit more than 22,000 businesses since January 2015, according to the FBI. 

But BEC does not get wide attention, said Ed Cabrera, Trend Micro’s chief cybersecurity officer, because businesses hit by the attacks are under no obligation to disclose it. 

{mosads}“BEC doesn’t fall in line with data breach laws — it’s just a digital con game. And unlike other attacks, it does not cause a loss of operational time. When a hospital has to close its doors for 24 hours it has to address it, because people are going to notice,” he said. 

Trend Micro alone tracked more than 2,000 BEC attacks in the United States in the first half of 2016, according to the report released Tuesday. 

BEC scammers trick someone into taking action through social engineering in the same way as phishing attacks. 

A BEC attack, notes the Trend Micro report, might involve considerable research into a target. The attacker might research a company’s legal settlement, closely imitate a law firm’s email account, logo and verbiage, and demand its monthly transfer of funds. It could also be a fake vendor demanding payment or another convincing scheme. 

“BEC scams are treacherous. Though their design is extremely simple, the tactics attackers use for a successful BEC campaign is quite complex and effective as it appeals to people’s respect for authority,” the report said.

The report also notes trends in other types of attacks. The rate hackers are developing new types of ransomware — malware that prevents a system from working properly until a victim pays of ransom — is increasing at an exponential rate. There are nearly triple the number of new families of ransomware in the first half of 2016 as the entirety of 2015.