Dealing with the Global Threat of BEC Attacks as Cybercriminals Go International

4 min readJul 30, 2019


Editor’s Note: This blog post was originally found on the Agari Email Security blog.

By Patrick Peterson

Business email compromise (BEC) attacks are still a prime tool in the arsenal of cybercriminals when it comes to committing fraud and stealing large sums of money. While BEC phishing attacks have been big news in the United States recently, advanced email threats are a very serious problem globally. Private businesses and public institutions across the globe must be vigilant towards the threat that BEC attacks pose.

According to Verizon’s 2019 Data Breach Investigations Report (DBIR), BEC is “still advantageous for the criminal element” precisely because it provides a quick way to cash out. Other types of cybercrime require work on part of the adversaries to convert stolen data into accessible wealth.

Meanwhile, BEC requires only that someone responds to an initial email and believes the person on the other end long enough to fulfill his request. This is especially true as gift cards become a more popular mechanism for cybercrime, likely because they are easier to acquire and harder to track.

Interestingly, the 2019 Verizon DBIR notes that 18% of clicks made through to phishing messages came from those using mobile devices. We live in a world where people are often on the go — answering work emails from airports, cafes, or while picking up their kids from soccer practice. The hurried nature of such instances may make professionals more susceptible to BEC attacks, particularly because they may not be as vigilant in examining each email as if they were on a desktop computer in the office. It’s just another factor to consider when defending against BEC schemes.

International Incidents Take Center Stage

It doesn’t take much to see that this problem is an international one. There have already been warnings that Russian hacking groups are targeting government, media, and political organizations across Europe as part of a cyber espionage campaign ahead of upcoming elections.

Specifically, targeted spear-phishing campaigns are “the opening gambit” for the attacks, according to ZDNet, with fraudsters sending spoofed emails to their intended victims with links that appear to lead to legitimate government websites. In actuality, these links are malicious and plant malware onto the computer of those affected.

Also in recent months, attack group London Blue has resurfaced and, as we have previously noted, is using legitimate commercial services to mass harvest target data for their phishing campaigns. This type of activity has resulted in a master targeting database containing the contact information of more than 50,000 financial executives. The same can be said for cybercriminal organization Scattered Canary, which used Lead 411 to find their targets — both in the United States and elsewhere.

Financial Services and Healthcare Remain Prime Targets

While financial services and healthcare are the two most-targeted industries in the US, little changes once you leave North America. An upsurge in phishing messages has been targeting customers of DBS Bank in Singapore. The messages purport to come from the bank and feature links to sites where they are then asked to enter bank account details, victims would soon discover that payees were added to their bank accounts and unauthorized transactions were made.

Criminals are increasingly utilizing social engineering tactics on users and tricking employees at financial firms into providing their web-based email credentials. Another common method of attack? Compromised accounts, which are notoriously difficult to trace, as cybercriminals use the legitimate accounts of employees to give an aura of authenticity and send phishing emails to colleagues.

Healthcare remains another highly targeted vertical. This isn’t surprising because, like finance, it has access to a treasure trove of data that criminals would love to get their hands on. Hackers commonly use BEC attacks to get healthcare professionals to click through a link to a phony site that asks them to enter their email credentials. And once this has been done, the criminal then can gain access to any number of sensitive emails containing patient information.

International Defense Parameters are Critical

Businesses in every geography are at risk of critical breaches and financial loss due to email phishing attacks. And they continue to be among the most frequent types of cybercrimes perpetrated against them That’s why it’s so important to have the proper defenses in place to prevent business email compromise and related attacks from being successful.

This starts with proper employee education, but even all the training seminars in the world won’t fully prevent phishing schemes from tricking users from time to time. Instead, next-generation technology that combines machine learning with advanced analytics can spot, flag, and prevent fraudulent emails from even reaching the inboxes of employees — enabling them to focus on less on cybersecurity and more on their work.

It is clear that this threat isn’t going away anytime soon. Organizations around the globe need to stay one step ahead of the constantly evolving criminal landscape.

To learn more about how identity deception is tricking unsuspecting recipients, download our latest report on trends in email fraud.




Agari is the Trusted Email Identity Company™, protecting companies and people from phishing and socially-engineered email attacks.