Published: February 25, 2022 on our newsletter Security Fraud News & Alerts Newsletter.
Those pesky scam emails directed at you, whether for your personal or business account, are being aided by unlikely sources. So far this year, Gmail, AOL, and Yahoo email services, among others, inadvertently helped hackers scam almost 6,600 enterprise organizations, according to a study by Barracuda Networks. These free email services are nothing new, but the rate in which they facilitate business email compromise (BEC) attacks is alarming. Since April of this year over a four-month period, malicious email accounts using these providers accounted for 45% of all BEC attacks.
With Gmail as the favored free email service of cybercriminals, it provides 59% of all criminal account attacks. In second is Yahoo, providing accounts for only 6% of these incidents. Barracuda reports 6,170 malicious email accounts were responsible for more than 100,000 BEC attacks on those 6,600 targeted organizations. BEC targets are subject to many deceptive ploys to impersonate legitimate co-workers, enterprise upper management, and vendors, to name a few. The goal behind BEC scams is simple: Get employees to provide sensitive information and/or send fraudulent wire transfers into a cybercriminal’s bank account.
The frequency in which BEC attacks happen is another obstacle for enterprise. Barracuda’s report found that one mass BEC attack victimized up to 256 organizations at one time. And just one malicious email account has launched up to 600 strikes, far beyond the average number of recipients being nineteen, from one single account. With all these unfavorable numbers surrounding BEC and free email services, there are ways companies and their employees can minimize the BEC threat.
What to Do About BEC
Be aware of all emails from popular free services. We know bad actors count on them to get their malware delivered and acted upon. Even though the name of a free email service is familiar doesn’t mean it can’t be used for nefarious reasons.
Don’t click links or attachments, without first making sure they are legitimate, especially those involving financial transfers.
Make sure your email phishing antennae is set on “high” and look for the usual suspects: subject lines that require immediate action, links or attachments that you aren’t expecting, typos, bad grammar, and anything slightly suspicious. A simple phone call to the sender can clear that up, but don’t use a phone number or link in the email as it could be provided by the hacker waiting on the other side.
Enterprise should consider using email security software to help ferret out the bad guys. None will provide 100% security, but fortunately, regularly and continuously educating employees on the latest email scams and how to spot and stop them, can be invaluable to any company’s security.
Keep up to date: Sign up for our Fraud alerts and Updates newsletter
Want to schedule a conversation? Please email us at firstname.lastname@example.org