According to a survey by Osterman Research and email security firm Ironscales, 93% of organizations had experienced at least one form of business email compromise (BEC) attack in the previous 12 months.
Approximately half of all employees face BEC attempts at least monthly, with C-suite and finance department employees targeted most frequently.
Fake invoices were the most common variant of BEC attack, impacting over 20% of organizations. Other top variations included data theft (19.7%), in which an attacker requests access to data they are not authorized to view, resulting in a data breach or data exposure, and account takeover (18%), where the goal is to gain access to an employee or executive email account.
The report also highlighted emerging BEC variations that companies should watch for. In gift card scams, a cybercriminal impersonates a manager or executive and requests the purchase of gift cards. In payroll diversion scams, the attacker attempts to submit new payment details to divert an employee’s paychecks to another bank account.