Osterman Research has built a comprehensive report on BEC (Business Email Compromise) attacks for 2022

Business email compromise (BEC) attacks are among the fastest growing and most concerning cybercrimes against organizations according to a new report by Osterman Research. According to the Report, “many organizations are ill-prepared to address the threat of BEC and lack sufficient protections across people, process, and technology factors.” Also cited in the report is a startling finding that 80% of organizations have experienced BEC attacks over the last year. In the United States alone, almost 20,000 BEC attacks were reported to the FBI in 2020 with a cumulative loss of $1.8 billion.

BEC attacks are a specific type of “phishing” attack that relies on targeting specific people within organizations. Attackers seek monetary payment as a direct outcome, and types of BEC attacks include (but are not limited to) diverting payment on a valid invoice to a fraudulent bank account, submitting a fake invoice for payment, diverting employee payroll to a fraudulent bank account, and using impersonation of senior executives to lend credibility to plausible but irregular requests. Osterman predicts that threat actors are likely to step up the frequency and cost of BEC attacks in the coming year, and they note that employees at all levels of an organization are targeted by BEC attacks.

“Today’s email security needs to be humanized, and RPost’s latest RMail e-security services that run inside Microsoft Outlook do just that. Their triple play with AI-triggered encryption and wire fraud protection, in-the-flow email security user training, and their suite of anti-whaling BEC protections (recipient verification, domain age, impostor alerts, Double Blind CC™, and Disappearing Ink™) add essential layers critical to not only protect externally facing business executives and their organizations but also those newfound [human] targets in HR and finance teams. Traditional email security plus RMail for Outlook is a winning combination,” states Michael Sampson, Senior Analyst at Osterman Research, one of the world’s leading e-security and messaging technology analysts.