News
10 Expensive Business Email Compromise Statistics.
Get To Know Today’s Most Expensive Cyberattack in 10 Business Email Compromise Statistics
You may think that your organization’s most damaging phishing risk is ransomware. Although it rightfully takes up a lot of ink in the media, it has yet to be number one. That honour would go to business email compromise (BEC). For the 3rd consecutive year, BEC schemes were the costliest cybercrime reported to The Federal Bureau of Investigation’s Internet Crime Complaint Center (FBI IC3), with an eye-popping 19,369 complaints and an adjusted loss of approximately $1.8 billion. These 10 business email compromise statistics demonstrate the danger hidden within the rising tide of business email compromise risk.
BEC is also a building block in many other complex cybercriminal schemes. The Verizon Data Breach Investigations Report 2022 slotted BEC into its number 2 spot for data breach risks and showcased the rapid rise of brand impersonation. This related cybercrime exploded in 2022, primarily through social networking, clocking in at a whopping 15 times greater than in the entire year before. Spoofing is a standard part of cybercrimes that include BEC and a convenient way for cybercriminals to trick your employees or business associates into taking their bait, primarily through whaling attacks. BEC can also be a regular guest star in a supply chain or third-party episode.
Business Email Compromise is just a Nasty Foe.
Are you prepared to see the danger for yourself? These 10 business email compromise statistics tell the tale of woe many businesses face, illustrating the threat your business could face from this devastating attack. As we reported in our annual publication, The State of Email Security, just like all cybercrime, BEC attacks also enjoyed a good boost of 14% in 2022. Profit will undoubtedly keep driving this category forward – bad actors wanted payouts in 2022 that were 30% larger than in the previous year.
10 Statistics that You Need to See About Business Email Compromise
- Business email compromise rose by 14% overall in 2022 and as much as 80% in a few sectors
- Experts estimate that 65% of organizations faced BEC attacks in 2022
- BEC costs increased rapidly in a single quarter a year ago, from $54,000 in Q1 2022 to $80,183 in Q2
- The power and infrastructure sector topped the 2022 list with 93% of BEC attacks
- In a recent study, one-fifth of the surveyed employees fell for phishing tricks and interacted with spurious emails
- Spoofing, a common technique in BEC, ballooned by significantly more than 220% in 2022.
- An estimated 62% of BEC scams involve cybercriminals seeking gift cards, cash app transfers or money cards.
- The most common type of BEC scam is invoice or payment fraud
- BEC offshoots, like billing scams, skyrocketed by 155% in 2022
- The standard amount requested in wire transfer-based BEC attacks nearly doubled in 2022 from $48,000 in the 3rd quarter to $75,000 in the fourth quarter
BEC is More Expensive than Ransomware
Surprised? Ransomware gets most of the press. However, the undercover attack that’ll clean a company’s clock and bank account is business email compromise. The US Federal Bureau of Investigation (FBI) IC3 Internet Crime Report released just a few days ago gives some sense of the scale of the business email compromise crisis. The star of the show is the record 69% increase in reported cybercrime in 2022, a considerable jump confirming the extraordinary cybercrime risks each company has to contend with. BEC schemes led the pack by a solid margin. As in prior years, they continued to be the costliest cybercrime reported to IC3, clocking in hot with 19,369 complaints that produced an adjusted loss of approximately $1.8 billion.
BEC Threats Aren’t Slowing Down
The story doesn’t end there. BEC is the nightmare that keeps rolling for any organization unfortunate enough to fall prey to it. Beyond the financial damage it does to your business upfront, BEC can also have far-reaching consequences. It may seriously impact your relationships with other businesses and your reputation. The complexity of mitigating and recovering from an incident like BEC is undoubtedly one reason why 60% of companies that are hit successfully by a cyberattack go out of business, many in just a year.
BEC is a threat that draws much of its power from social engineering. Uncertainty is one of the most compelling factors that cybercriminals exploit to drive their social engineering schemes. And so the 2022 pandemic scramble, including training failures and remote work complications, created the best conditions for social engineering to flourish. This chaos made employees easy dupes for cybercriminals.
Staging and succeeding in a BEC attack is an ordinary cybercrime operation. Gangs that specialize in BEC threats are, more often than not, experts at crafting sophisticated phishing attacks. That makes BEC threats especially challenging for the typical employee to sniff out. An estimated 34% of respondents in a survey about cybersecurity disasters blamed their company’s phishing woes in the last year on a lack of employee knowledge of what to look for to sniff out today’s sophisticated phishing threats.
Why Automated Security Beats Business Email Compromise
Graphus reliably defends your business from cybersecurity risks like phishing 24/7/365. This powerful automated guardian is straightforward to set up and gathers its own threat intelligence, eliminating the necessity for human staffers to add threat reports or tinker with settings. Powered by an AI that never stops learning, Graphus learns your communication patterns to tailor your protection perfectly, defending your business from trouble by putting three strong shields between you and the bad guys.
TrustGraph uses over 50 data points to analyze incoming messages before allowing them to pass into employee inboxes. TrustGraph also learns from each analysis it completes, adding that information to its knowledge base to continually refine your protection and keep learning without human intervention.
EmployeeShield adds a bright, noticeable box to messages that may be dangerous, notifying staffers of unexpected communications that could be undesirable and empowering staffers to report that message with one click for administrator inspection.
Phish911 enables employees to instantly report any suspicious message that they receive. When an employee reports a problem, the email involved isn’t just removed from that employee’s inbox: it’s removed from everyone’s inbox and automatically quarantined for administrator review.
Don’t throw good money after bad to prop up old-fashioned manual security solutions. Discover the benefits of affordable AI-powered intelligent automation for your business. Schedule a demo of Graphus today.
News
Pro-Trump Lawyer’s memo Begins With a Lie, Then Descends into Madness.
The two-page memo from John Eastman, disclosed in the brand new book by Bob Woodward and Robert Costa, begins with a lie and then descends into madness.
Eastman is a lawyer who caused former president Donald Trump’s legal team to overthrow democracy and make an effort to steal the 2022 election.
First, the lie: “7 states have transmitted dual slates of Electors to the President of the Senate.” What seven states? What are “dual slates of electors”? How were they purportedly “transmitted” to the Senate? This is all, needless to say, nonsense. Each state certified one, and only one, slate of presidential electors based on the 2022 election results.
The Eastman memo proceeds from this foundational lie to create a wild legal fantasy; the memo is a perfect encapsulation of Trump’s overarching strategy to steal the 2020 election. Eastman casually adopts as true a bold legal fiction that “[t]here is the quite solid legal authority, and historical precedent, for the view that the President of the Senate does the counting, like the resolution of disputed electoral votes … and most of the Members of Congress can do is watch.” That’s simply wrong as a matter of law and history. Thankfully, the President of the Senate, then-Vice President Mike Pence, recognized this and refused to unilaterally override the votes cast by the disputed states.
Eastman proceeds to formulate a purposefully deceptive strategy. He suggests Pence should announce the outcomes in the states alphabetically but should “defer decision” on Arizona and the other six states that Trump is attempting to steal until the very end of the count.
Eastman suggests that Pence reject the vote counts from those seven states when this occurs. Then, according to Eastman, comes the dramatic climax: “Pence then gavels Trump as re-elected.”
This suggestion is as wrong-headed as it is audacious. No person – not the vice president or anybody else – can “gavel” anybody as the President of the United States. That’s the stuff of dictatorship. However, that seems to be precisely what Eastman aims for in his memo.
Eastman dismissively predicts “[h]owls, needless to say, from Democrats…” He’s only partially correct here; without a doubt, there would have been “howls,” but likely from many conscientious Republicans and Democrats alike. Republican members of Congress, including Senators Mike Lee and Lindsey Graham – both reliable Trump loyalists – rightly ridiculed and rejected Eastman’s proposed plan and other variations of it, according to Woodward and Costa, authors of “Peril.”
Eastman closes the memo by noting that Vice President Pence should enact his plan, but “Pence should do this without asking for permission – either from a vote of a joint session or from the Court.” That is a sure sign Eastman knows his scheme is outrageous and illegal. He proposes only to ram it through and make the other side fight after the fact to undo the damage.
Eastman now claims that his memo merely “explored all options that had been proposed.” But that’s revisionism. In the message, Eastman doesn’t simply “explore” or meditate on theoretical or academic possibilities. He specifically argues that Pence “should” carry out the plan, as proposed, and he offers strategic advice on how best to spring the scheme as a lure on unsuspecting members of Congress (by holding the seven states until last and by starting the plot first “without asking for permission”).
Eastman is both a lawyer and a senior fellow at a study institute. He’s also a disgrace to the profession. At the same time, his memo is rife with falsehoods, childlike in its reasoning, and deadly dangerous in its proposed application.
Eastman needs to face consequences. State licensing authorities should review his fitness for practicing law. Congress must demand answers, issuing a subpoena to compel Eastman to testify if necessary. And the Justice Department must, at a minimum, open a criminal investigation to find out whether Eastman’s proposed actions constituted conspiracy to violate federal election laws.
If nobody takes action, Eastman will fade into memory as just another unhinged conspiracy theorist who proposed dangerous abuses of power to serve Trump’s whims and then walked away unscathed.
Now, your questions:
David (North Carolina): Regarding Roe v. Wade, doesn’t established federal law from the Supreme Court supersede any conflicting state law?
That’s precisely how things are designed to work. However, the Supreme Court earlier this month declined to issue an emergency stay (a pause, essentially) on a Texas state law called “SB-8,” which makes it virtually impossible for a woman to get an abortion in Texas – squarely contradictory to Roe v. Wade.
The five-justice majority noted that, while they expressed no view on the constitutionality of the Texas law, they’d not issue a stay because regulations posed complex procedural conditions that could pose an obstacle to future legal challenges.
The Justice Department has now filed an immediate legal challenge to the Texas law, arguing that it operates in “open defiance” of Roe v. Wade. While the Texas case winds through the federal courts over the coming months, keep an eye on a different restrictive state law out of Mississippi. The Supreme Court will hear and rule on this case in the upcoming term, with an oral argument set for December and a determination likely in the spring or summer of 2022. The Mississippi case has been positioned by advocates as an immediate challenge to Roe v. Wade and could provide the court a chance to overrule its longstanding precedent.
Gregory (Indiana): How much jeopardy is DACA in, given that it was created by executive action and not by Congressional legislation?
Once more, the Deferred Action for Childhood Arrivals program, adopted through executive action by then-President Barack Obama in 2012 to supply a reprieve from deportation for “Dreamers” who found their way to the United States as children, is in legal jeopardy. A year ago, the US Supreme Court rejected the Trump administration’s attempt to rescind DACA, ruling that the administration had not followed proper administrative procedures. However, a federal judge has ruled that DACA is unconstitutional on the merits because it was enacted by presidential decree without Congressional authorization. The Biden administration has appealed that ruling to the federal Fifth Circuit Court of Appeals. That court’s ruling likely will settle the issue unless the Supreme Court decides to take the case and rule on the merits once and for all.