FBI Director Christopher Wray speaks at an event in Washington, D.C. The FBI reports that BEC scams cost organizations more than $26 billion worldwide between 2016 and 2019. Today’s columnist, David Jemmett of Cerberus Sentinel, describes how BECs have become even more targeted in the past year. (Credit: Creative Commons CC PDM 1.0)

Cybercriminals are opportunists by nature, so it’s no surprise that they keep exploiting attack vectors that have proven successful. Of these attack vectors, phishing and business email compromises (BECs) are often the most fruitful. Given the frequency and value of phishing and BEC scams, many criminals turn to this tried and proven social engineering technique. In fact, the FBI reports that BEC scams cost enterprises more than $26 billion worldwide between 2016 and 2019.

Throughout the past several weeks, I personally received five of these suspicious emails. BEC emails are becoming incrementally more sophisticated in nature, complete with official-looking headshots and signatures from a genuine law firm. Cybercriminals deploying social engineering techniques like this are audacious. When I received this email, my spider-senses were tingling: Something was off, even though this email was not caught by the email protection or kicked into my spam box. I always have Preview turned off in Microsoft to ensure that when I hover over the document/PDF it does not show me a document preview unless I click on it. Fortunately, my firsthand experience dealing with these types of emails meant that I could avert the damage that would have ensued. Unfortunately, not everyone has this experience on their side.
