Today, BEC attacks have turned out to be the highest remunerative line of business for cyber threat actors. Reportedly, with the rising number of BEC attacks, new fraud gangs have been discovered. These BEC attackers’ gangs are targeting various firms across the globe to trick them into transferring money.
APWG’s Phishing Activity Trends Report for Q2 2020 revealed how organizations are losing their huge sum of money to BEC attacks. The average wire transfer loss from BEC attacks increased to $80,183 in Q2 2020 from $54,000 in Q1 2020.
Moreover, another security research firm revealed that BEC attacks affected 99% of companies in August 2020. This was a massive increase from 70% registered by the firm at the beginning of the month. (Source: Security Boulevard)
Currently, cyber criminals are making a huge sum of money by actively using BEC attacks as their prime attack vector.
The APWG’s report also pointed out the new cyber gangs involved in these ever-evolving email-based scams. A Russian BEC gang, Cosmic Lynx, has been targeting companies across the globe for an average of $1.27 million.
It is believed that the ROI for a basic social engineering attack like BEC is greater than launching a sophisticated and more expensive) malware-based attack.
Top 5 Shocking Statistics of BEC Attacks in 2020
There are more than thousands of reasons for organizations to be worried about rising BEC attacks.
We have some staggering statistics and revelations from various security research firms from all over the world, discussing the surge in BEC attacks in 2020 and its impacts:
- Today, South Africa and the UK are the high-ranking regions of BEC activity among 50 countries across the globe.
- The wire transfer losses from Business Email Compromise have soared by over 48% from Q1 2020. It has reportedly hit an average of more than $80,000!
- A New York-based trading firm in mid-August said that it lost $6.9 million in a BEC scam in May.
- The BEC attackers use gift card scams in 66% of raids. Google Play, eBay, Apple iTunes, and Steam Wallet forged cards have been accounted for 70% majority of attacks.
- The FBI is running an investigation on a global BEC campaign. This attack campaign has netted cyber criminals at least $15 million in illegal proceeds by targeting over 150 companies globally.
The bureau also stated that its Internet Crime Complaint Center (IC3) received complaints, claiming more than US$2.1 billion losses from BEC scams between January 2014 and October 2019!
How to Stay Secured Against Business Email Compromise Attacks?
As a cyber security solution providing firm, we recommend organizations to take immediate security measures. Seeing the above-mentioned statics, it can be concluded that cyber criminals are set to launch more BEC attacks to target organizations across the globe in the near future.
But it is never too late to adopt security measures. Therefore, security experts and other IT officials in their organization must adopt effective security solutions to mitigate cyber threats. They should primarily focus on implementing the most essential cyber security practices within their organization.
Here are some recommended best cyber security practices for your organization to prevent BEC attacks:

- Educate employees with the best in class security awareness training to recognize and combat BEC and other cyber attacks.
- Make sure to double-check the sender’s email address before replying to the email with sensitive information.
- Try to avoid clicking and downloading unexpected email attachments like URLs, document files, images, etc., without verifying.
- Create a step by step verification process for secure money and data transfers.
- Secure email domain with standard email authentication protocols like DMARC, SPF and DKIM.
Standard email authentication protocols are a must to implement to secure the email domain from domain forgery. These standards are designed to supplement the Simple Mail Transfer Protocol (SMTP) as it does not have any authentication mechanisms itself. It is just a protocol used for sending emails over the internet.
Plus, to make it easy to monitor these three email authentication protocols altogether, we have KDMARC for you. KDMARC is basically an anti-spoofing and email authentication tool that monitors the standard email authentication protocols. This industry-leading tool comes with unique features like:
- SMART DMARC: Set DMARC in a click-through KDMARC’s dashboard without the need to revisit the DNS.
- SMART SPF: Alter IPs and email sources in the SPF record through the dashboard without the need to visit the DNS.
Apart from these, KDMARC has other features like:
- Customizable email domain threat summary
- Full insight into email channels, including third party emails and abuse
- Automated alerts and reports of threat details through emails
- IAM (Identity Access Management)
Our tool has been top rated and reviewed for its quality on the leading technology review platforms like SourceForge, Gartner, and many more.
Click the button below to secure your email domain against spoofing for FREE with KDMARC!