Majority of BEC Emails Don't Include Phishing Links

August 30, 2018

Most business email compromise (BEC) emails don’t include a phishing link, according to a report released by cybersecurity firm Barracuda Networks.

Barracuda analyzed 3,000 randomly selected BEC attacks and found that 60 percent of the attacks didn’t include a link. The report found that the attacks more often than not are a plain text email intended to fool the recipient to commit a wire transfer or send sensitive information.

“These plain text emails are especially difficult for existing email security systems, because they are often sent from legitimate email accounts, tailored to each recipient, and do not contain any suspicious links,” Barracuda said.

Additionally, the report found that 12 percent of attacks try to establish rapport with the target by starting a conversation with the recipient. As an example, the attacker will ask the recipient whether they are available for an urgent task. For the vast majority of the “rapport” emails, the attacker will ask the recipient to do a wire transfer after responding to the initial email.

The FBI reported that email scams ranked first in online fraud losses in 2017. Of the $1.4 billion lost due to online fraud, BEC topped the chart with losses of more than $675 million. Criminals impersonating sellers, Realtors, title companies or law firms during a real estate transaction are one of the most common BEC schemes identified by the FBI.


Contact ALTA at 202-296-3671 or communications@alta.org.