The most common scams targeted at businesses during 2020 were:
Ransomware attacks: Ransomware as a service is the big problem for business. Easy-to-use ransomware as a service schemes are booming, accounting for almost two-thirds of ransomware campaigns during the past year.
Business email compromise: The cost of business email compromise is 64 times worse than ransomware. In fact, BEC comprised 37% of all losses in 2020 with over 1.8 billion reported to the FBI. This number does not include estimates of lost business, time, wages, files, or equipment, or any third-party remediation services acquired by a victim.
Wire Fraud continues to grow and becomes harder to detect. The BEC/EAC scheme has evolved to include compromise of personal emails, compromise of vendor emails, spoofed lawyer email accounts, requests for W-2 information, the targeting of the real estate sector, and fraudulent requests for large amounts of gift cards. The number of BEC/EAC complaints related to the use of identity theft and funds being converted to cryptocurrency is increasing.
Account takeover will increase: Account takeover is essentially doubling each year as criminals become more technically savvy and automated. Account takeover fraud remains an ongoing problem for financial institutions, e-commerce merchants, and virtually any organization that offers products or services that can be monetized.
Remote working: Adapting existing controls to the remote working environment, the use of data and analytics in monitoring risks, and the proper balance between human and technological oversight will become more important as the 'new normal' takes hold. Compliance with regulatory controls should remain a high priority for businesses; otherwise they create opportunity for criminals and risk regulatory investigations, leading to fiscal and reputational damage in the future. For many businesses, existing training on preventing wire fraud and other criminal attacks will need to be reinforced.
Cybercrime-as-a-service: Among the numerous services offered in the cybercrime underground, ransomware-as-a-service platforms, DDoS-for-hire platforms and spamming services will facilitate the emergence of new criminal organizations and speed up the operations of existing ones.
Phishing kit developers will offer more refined products: Phishing kit developers will offer more refined products, further lowering the skill required to launch a phishing campaign. Attackers are improving the quality of their phishing campaigns by minimizing or hiding common signs of an imposter scam phish.
Deep fake technology for identity fraud: This technology will be used to attack call centers and for business email compromise scams.
More social engineering for authorized push payments (APP): These scams are extremely effective and defeat all controls such as authentication, device, and location analysis. Criminals just need to persuade people to authorize a payment to them. These scams include impersonating a supplier or contractor and sending a fake invoice to a business.
Security for the "phygital" shopping experience: This experience blends the elements of both a physical (curbside pickup, displaying your photo ID) and digital (selecting inventory and submitting payment, multifactor authentication) shopping experience. The combined online and in-store shopping habits are here to stay for the long term.
With the threats to businesses being so diverse, all businesses need to improve their cybersecurity practices. We can help them do that through you.