‘Email Fraud Threat Report’ Shows Pressing Danger of BEC Attacks

In its Email Fraud Threat Report: Year in Review 2017, Proofpoint (our parent company) highlights the rise of business email compromise (BEC) attacks during the course of 2017. The report draws from analysis of more than 160 billion emails sent to more than 2,400 organizations across 150 countries. Following are some of the key findings related to these specialized phishing attack patterns:

More Organizations Were Targeted More Frequently Than in 2016

• 88.8% of companies faced at least one email fraud attack in Q4 2017, compared to 75% in Q4 2016.
• Organizations received, on average, 18.5 BEC attacks per quarter in 2017, a year-over-year increase of 17%.
• Q3 and Q4 of 2017 were two of the three highest-volume quarters Proofpoint has ever recorded for email fraud.

Attackers Are Targeting More Roles Within Organizations

• 47% of organizations saw more than five identities spoofed in Q4 2017, nearly double that of Q3 2017.
• On average, about 13 individuals within a given organization were targeted in BEC attacks in Q4 2017.
• Attackers are more regularly moving beyond CEO-to-CFO spoofing to target business groups like HR and accounts payable.

Attackers Don’t Discriminate Based on Business Size or Industry

• Proofpoint researchers saw “almost no connection between company size and how often it is targeted by email fraud.”
• Though organizations in the financial services, manufacturing, healthcare, and energy/utility sectors face a slightly higher frequency of attacks, researchers “saw a mostly uniform spread of email fraud attempts across industries.”

Subject Lines and Tactics Are Becoming More Varied

• “Payment,” “request,” and “urgent” remain the most popular keywords in the subject lines of fraudulent emails, but Proofpoint saw a 1,850% increase from 2016 to 2017 in BEC attacks that took a “legal” angle.
• More than 11% of email fraud attacks in Q4 2017 used some form of email history fabrication (i.e., they included a “Re:” or “Fwd:” in the subject line, a fabricated reply history, or both).

Spoofed Domains and Display Names Were Leading Attack Techniques

• 93% of organizations were targeted by at least one domain-spoofing attack in 2017.
• 40% of BEC attacks in Q4 2017 featured display-name spoofing via web-based email services, with aol.com and gmail.com being the most commonly utilized sending domains.

Additional Insights Are Available in the Report

For more details about the report’s findings — including statistics related to wire-transfer fraud, tax-related scams, and lookalike-domain spoofing — download a copy of the Email Fraud Threat Report from the Proofpoint website.