www.armorblox.com
Open in
urlscan Pro
2a05:d014:275:cb00::c8
Public Scan
Submitted URL: https://em.armorblox.com/MTc2LVhNSi0wMzAAAAGLzseZNkBbsgu3kH8MUG6lsT4Q-w6zGCgEgufEknYWeKWjri_vv5Ytv9RzKzxYQzwEy86ZBCw=
Effective URL: https://www.armorblox.com/blog/fbi-2020-ic3-report-findings-bec-and-eac-losses-continue-to-rise/?mkt_tok=MTc2LVhNSi0wMzAAA...
Submission: On June 09 via api from US — Scanned from DE
Effective URL: https://www.armorblox.com/blog/fbi-2020-ic3-report-findings-bec-and-eac-losses-continue-to-rise/?mkt_tok=MTc2LVhNSi0wMzAAA...
Submission: On June 09 via api from US — Scanned from DE
Form analysis 2 forms found in the DOM
<form id="mktoForm_1082" class="MarketoForm-module--form--4d59f mktoForm mktoHasWidth mktoLayoutLeft" data-form="1082" __bizdiag="196351835" __biza="W___" novalidate="novalidate">
<div class="mktoFormRow">
<div class="mktoFieldDescriptor mktoFormCol" style="margin-bottom: 10px;">
<div class="mktoOffset" style="width: 10px;"></div>
<div class="mktoFieldWrap mktoRequiredField"><label for="Email" id="LblEmail" class="mktoLabel mktoHasWidth" style="width: 100px;">
<div class="mktoAsterix">*</div>Email:
</label>
<div class="mktoGutter mktoHasWidth" style="width: 10px;"></div><input id="Email" name="Email" maxlength="255" aria-labelledby="LblEmail InstructEmail" type="email" class="mktoField mktoEmailField mktoHasWidth mktoRequired input"
aria-required="true" style="width: 150px;" placeholder="Email" data-personalize-email="true"><span id="InstructEmail" tabindex="-1" class="mktoInstruction"></span>
<div class="mktoClear"></div>
</div>
<div class="mktoClear"></div>
</div>
<div class="mktoClear"></div>
</div>
<div class="mktoButtonRow"><span class="mktoButtonWrap mktoSimple" style="margin-left: 120px;"><button type="submit" class="mktoButton action" data-personalize-button="true">Subscribe</button></span></div><input type="hidden" name="formid"
class="mktoField mktoFieldDescriptor input" value="1082" placeholder="formid"><input type="hidden" name="munchkinId" class="mktoField mktoFieldDescriptor input" value="176-XMJ-030" placeholder="munchkinId">
</form><form class="MarketoForm-module--form--4d59f mktoForm mktoHasWidth mktoLayoutLeft" data-form="1082" __bizdiag="389636160" __biza="W___" novalidate="novalidate"
style="font-family: Helvetica, Arial, sans-serif; font-size: 13px; color: rgb(51, 51, 51); visibility: hidden; position: absolute; top: -500px; left: -1000px; width: 1600px;"></form>Text Content
Why Armorblox
Why ArmorbloxAbout UsNews & PressContact Us
Popular Content
* Blog
CHECKMATE: NEW VIP INVOICE AUTHORIZATION FRAUD ATTACK TARGETING BUSINESSES
Learn more
Product
Product Capabilities
* Advanced Threat Protection
* Advanced URL Protection
* Advanced Malware Detection
* Advanced Data Loss Prevention
* Security Operations
* All Products
Product Tours
* Main Product Tour
* Phishing Product Tour
* Business Email Compromise Tour
* Brand Impersonation Tour
* Data Loss Prevention Product Tour
* Vendor Compromise Tour
* Security Operations Product Tour
* All Product Tours
Integrations
* All Integrations
Popular Content
* Blog
HOW CHATGPT WILL CHANGE CYBERSECURITY FOREVER
Learn more
Solutions
By Use Case
* Business Email Compromise
* Email Account Compromise
* Graymail and Recon Threats
* Executive Phishing
* Data Loss Prevention
* Abuse Mailbox Remediation
By Platform
* Microsoft Office 365
* Google Workspace
* Secure Email Gateway Augmentation
By Industry
* Financial Services
* Education
* Healthcare
* Manufacturing
* Retail
Popular Content
* Blog
HOW CHATGPT WILL CHANGE CYBERSECURITY FOREVER
Learn more
CustomersResources
Learning Center
* Business Email Compromise
* Vendor Email Compromise
* Spear Phishing
* Ransomware
* Vishing
* Email DLP
* Tools and Templates
* All Topics
Resources
* Templates
* Whitepapers
* Solution Briefs
* Datasheets
* Videos
* Webinars
* All Resources
Blog
* Articles & Thought Leadership
* Threat Research
* Product Features
* Customer Success Stories
* All Articles
Humans of Cybersecurity
* All Stories
Popular Content
* UNDERSTANDING YOUR ORGANIZATION’S VENDOR FRAUD AND SUPPLY CHAIN RISK
* PROTECTING YOUR ORGANIZATION AGAINST VENDOR FRAUD AND SUPPLY CHAIN ATTACKS
* PREVENT VENDOR AND SUPPLY CHAIN ATTACKS WITH ARMORBLOX
Pricing
Get a Demo
Articles & Thought Leadership | 10 min read
FBI 2020 IC3 REPORT: BEC AND EAC LOSSES CONTINUE TO RISE
Share:
1. Armorblogs
/
2. Articles & Thought Leadership
/
3. FBI 2020 IC3 Report: BEC and EAC Losses Continue to Rise
Anand Raghavan
Mar 19, 2021
Learn more about the trends highlighted in the FBI’s 2020 Internet Crime Report,
spotlighting the continued danger posed by BEC and EAC attacks.
--------------------------------------------------------------------------------
Earlier this week, the FBI Internet Crime Complaint Center (IC3) released their
2020 Internet Crime Report, with updated statistics on Business Email Compromise
(BEC), Email Account Compromise (EAC), and COVID-19 scams. This article will
compile our understanding of the trends highlighted in the report, signifying
how some things changed while others remained largely the same.
BEC AND EAC REMAIN THE COSTLIEST SCAMS
The Internet Crime Report discovered an interesting BEC pattern. While there was
a reduction in the number of BEC/EAC complaints (from 20,373 in 2018 to 19,369
in 2020), the reported losses increased year-over-year, from $1.29 billion in
2018 to $1.86 billion in 2020.
It’s likely that attackers have refined their BEC tactics and are confident
enough to pursue higher dollar amounts in their scams. While other forms of
cybercrime continue to endanger organizations’ security processes and peace of
mind, BEC and EAC remain the forerunners in harming bank balances.
Fig: BEC and EAC complaints fell in 2020, but reported dollar losses increased
YOY from 2018 to 2020
Learn how a typical BEC attack works in What Is Business Email Compromise? A
Definitive Guide to BEC
The IC3 report also spotlights the evolution of BEC and EAC attacks since 2013,
when the FBI first started tracking them. While these attacks began as
relatively simple email spoofs requesting fraudulent wire payments, they have
grown to encompass attacks like payroll diversion fraud, vendor email
compromise, and industry-focused scams targeting sectors like real estate and
healthcare.
Fig: The evolution of targeted email attacks
THE PHISHING PROBLEM PERSISTS
Since phishing attacks have existed for a long time, you might assume that the
problem has already been solved. However, stats from the 2020 Internet Crime
Report tell another story.
The IC3 received 241,342 complaints on phishing and related attacks like
smishing, vishing, and pharming in 2020. This number increased by almost 110%
from 2019 when they received 114,702 complaints.
Since these numbers constitute only reported complaints, we can assume that the
real phishing impact numbers are much higher than those presented in the report.
Fig: Number of complaints on phishing, smishing, vishing, and pharming attacks
increased by 110% from 2019 to 2020
This trend aligns with what the Armorblox threat research team has observed,
mainly related to a consistent increase in 0-day credential phishing attacks. We
have seen cybercriminals exploit Google and other free online services,
impersonate known brands, and use voice in combination with email in their
attempts to extract victims’ credentials.
EXPLOITING TRUST IN A YEAR OF UNCERTAINTY
In 2020, the IC3 received over 28,500 COVID-19 related complaints. Additionally,
in mid-April of 2020, Google’s Threat Analysis Group reported that they detected
18 million COVID-19 themed malware and phishing emails per day.
During times filled with volatility and uncertainty, our brains tend to take
specific shortcuts on whom to trust. We lean into trusting people we know,
entities with authority, and anyone who can help reduce our uncertainty. Thus,
it is disappointing (but not surprising) to see government impersonation attacks
reported by the IC3 rise in 2020.
Scammers also exploited trust by replicating processes that the government had
already instituted. Scammers hijacked these government measures to steal money
and data, whether it was unemployment insurance, small business loans,
vaccination programs, or stimulus checks.
Since the programs were already in place, scammers did not have to employ any
sophisticated tradecraft other than asking for money or PII by pretending to be
someone else.
Armorblox has observed persistent email attacks that use COVID-19 as a lure.
Read COVID Email Scams Aren’t Going Away to learn more.
SOCIALLY ENGINEERING THE MOST VULNERABLE
The report highlighted some sobering statistics on how cybercriminals continue
to use social engineering techniques to prey on vulnerable people.
Most COVID-19 related scams involved attackers fraudulently submitting
unemployment insurance claims after stealing victims’ identities. In addition,
paycheck Protection Programs (PPP) and small business economic injury disaster
loans were also used in scams, harming people and businesses that were already
most at risk from pandemic-related upheaval.
If we look at cybercrime victims by age group, almost 22% of all complaints
involved victims over 60, with reported losses above $966 million. People over
the age of 60 are often the subjects of romance scams, grandparent scams,
caregiver scams, and charity scams.
Given how uncertain and isolating 2020 was for all of us, the average person
would be even more likely to respond to these social engineering cues.
GUIDANCE AND RECOMMENDATIONS
If you or your organization are victims of a BEC attack, the IC3 provides the
following guidance:
* Contact the originating financial institution as soon as fraud is recognized
to request a recall or reversal.
* File a detailed complaint with www.ic3.gov.
* Never make any payment changes without verifying them with the intended
recipient directly.
* Visit the IC3 website regularly for updated PSAs regarding BEC trends and
other fraud schemes targeting specific populations or industries.
Here are some additional security hygiene recommendations from the Armorblox
team:
* Follow MFA and password management best practices:
* Deploy multi-factor authentication (MFA) on all possible business and
personal accounts.
* Don’t use the same password on multiple sites/accounts.
* Use password management software to store your account passwords.
* Avoid using passwords that reference your publicly available information
(date of birth, anniversary date, etc.).
* Don’t repeat passwords across accounts or use generic passwords such as
your birth date, ‘password123,’ ‘YourName123,’ etc.
* Watch out for social engineering cues
As most inboxes today are overflowing with unreads, we know that ‘read every
email rationally’ is not realistic advice.
Nonetheless, everyone should carefully engage with emails related to money or
data requests. Subject the email to an eye test that includes inspecting the
sender name, email address, the language within the email, and any logical
inconsistencies.
Examples:
* Why is the IRS asking for my social security number over email?
* Why is a known vendor changing bank account details the day before an
invoice is due?
AUGMENT NATIVE EMAIL SECURITY WITH ADDITIONAL CONTROLS
For better protection against targeted email attacks like BEC, EAC, and 0-day
credential phishing, organizations should invest in technologies that take a
materially different approach to threat detection from built-in email
security controls like Exchange Online Protection (EOP) and Microsoft
Defender for Office 365 (MSDO).
Gartner’s Market Guide for Email Security covers new approaches that vendors
brought to market in 2020 and should be a good starting point for your
evaluation.
For more email security tips, threat research, and industry trends, join the
Armorblox mailing list. If you’re reevaluating your email security stack and
are interested in augmenting your built-in email security, schedule a demo
with Armorblox to learn how we stop BEC and other targeted phishing attacks
using Natural Language Understanding.
Schedule a Demo
--------------------------------------------------------------------------------
Schedule a Demo
SUBSCRIBE FOR THE MOST UP-TO-DATE EMAIL SECURITY INSIGHTS
Sign up for our newsletter to get the latest updates on the email threat
landscape, including new trends and attacks.
*
Email:
Subscribe
SEE ARMORBLOX IN ACTION
See how Armorblox uses the power of Natural Language Understanding (NLU) and
machine learning models to prevent BEC and targeted phishing attacks, prevent
unauthorized exposure of sensitive PII, PCI, and PHI, and reduce incident
response times.
Take Product Tour
RELATED ARTICLES
Articles & Thought Leadership
GARTNER RELEASES 2020 MARKET GUIDE FOR EMAIL SECURITY
The Gartner Market Guide for Email Security defines market challenges, outlines
vendor technology attributes, and provides recommendations for email security
leaders. Read Armorblox thoughts on the Market Guide and get a complimentary
copy.
Customer Success Stories
CUSTOMER STORY: CUTTING THROUGH THE NOISE
Learn how Intermedia enlisted Armorblox to streamline and accelerate phishing
response.
Customer Success Stories
CUSTOMER STORY: KEEPING THE CITY RUNNING
Learn how City of San Jose used Armorblox to stop targeted email attacks from
disrupting City operations.
Threat Research
OK GOOGLE, BUILD ME A PHISHING CAMPAIGN
In this blog, we will outline five targeted phishing campaigns that weaponize
various Google services during their attack flow.
Threat Research
YOU’VE GOT A PHISH PACKAGE: FEDEX AND DHL EXPRESS PHISHING ATTACKS
This blog focuses on two email attacks impersonating FedEx and DHL Express. Both
attacks aimed to extract email account credentials. Phishing pages were hosted
on free services like Quip and Google Firebase to trick users into thinking they
were legitimate.
EXPERIENCE THE ARMORBLOX DIFFERENCE
If you have questions about email security, Armorblox has the answers you're
looking for. Request a product demo to find out more.
Get a Demo
100 S. Murphy Avenue, Suite 200
Sunnyvale, CA 94086
(650) 260-5352
Armorblox
Email Security
4.7
11 Ratings
Submit a review
As of 9 Jun 2023
Company
* Why Armorblox
* About Us
* News
* Careers
* Customers
Product
* Overview
* Product Tour
* Integrations
* Pricing
Solutions
* Business Email Compromise
* Email Account Compromise
* Graymail and Recon Threats
* Executive Phishing
* Email Data Loss Prevention
* Abuse Mailbox Remediation
Resources
* Resources
* Trust Center
* Blog
* Contact Support
© 2023 Armorblox. All Rights Reserved. Privacy Policy.
Cookies Settings
By clicking “Accept All Cookies”, you agree to the storing of cookies on your
device to enhance site navigation, analyze site usage, and assist in our
marketing efforts. Privacy Policy
Cookies Settings Reject All Accept All Cookies
PRIVACY PREFERENCE CENTER
When you visit any website, it may store or retrieve information on your
browser, mostly in the form of cookies. This information might be about you,
your preferences or your device and is mostly used to make the site work as you
expect it to. The information does not usually directly identify you, but it can
give you a more personalized web experience. Because we respect your right to
privacy, you can choose not to allow some types of cookies. Click on the
different category headings to find out more and change our default settings.
However, blocking some types of cookies may impact your experience of the site
and the services we are able to offer.
More information
Allow All
MANAGE CONSENT PREFERENCES
FUNCTIONAL COOKIES
Functional Cookies
These cookies enable the website to provide enhanced functionality and
personalisation. They may be set by us or by third party providers whose
services we have added to our pages. If you do not allow these cookies then some
or all of these services may not function properly.
Cookies Details
PERFORMANCE COOKIES
Performance Cookies
These cookies allow us to count visits and traffic sources so we can measure and
improve the performance of our site. They help us to know which pages are the
most and least popular and see how visitors move around the site. All
information these cookies collect is aggregated and therefore anonymous. If you
do not allow these cookies we will not know when you have visited our site, and
will not be able to monitor its performance.
Cookies Details
STRICTLY NECESSARY COOKIES
Always Active
These cookies are necessary for the website to function and cannot be switched
off in our systems. They are usually only set in response to actions made by you
which amount to a request for services, such as setting your privacy
preferences, logging in or filling in forms. You can set your browser to block
or alert you about these cookies, but some parts of the site will not then work.
These cookies do not store any personally identifiable information.
Cookies Details
TARGETING COOKIES
Targeting Cookies
These cookies may be set through our site by our advertising partners. They may
be used by those companies to build a profile of your interests and show you
relevant adverts on other sites. They do not store directly personal
information, but are based on uniquely identifying your browser and internet
device. If you do not allow these cookies, you will experience less targeted
advertising.
Cookies Details
SOCIAL MEDIA COOKIES
Social Media Cookies
These cookies are set by a range of social media services that we have added to
the site to enable you to share our content with your friends and networks. They
are capable of tracking your browser across other sites and building up a
profile of your interests. This may impact the content and messages you see on
other websites you visit. If you do not allow these cookies you may not be able
to use or see these sharing tools.
Cookies Details
Back Button
PERFORMANCE COOKIES
Search Icon
Filter Icon
Clear
checkbox label label
Apply Cancel
Consent Leg.Interest
Switch Label label
Switch Label label
Switch Label label
*
View Cookies
* Name
cookie name
Reject All Confirm My Choices
Have you heard the news? Cisco recently announced their intent to acquire
Armorblox.
Read more about how Cisco is furthering the AI-first security cloud.
Read More