While phishing continues to be the prevalent threat in malware-less email-based attacks, cybercriminals refine their methods by adding an impersonation component to increase the success rate against company employees. Impersonation fraud—also known as Business Email Compromise (BEC)—is on the rise, as criminals gain access to a business email account and pretend to be the account owner in order to defraud the company and its employees, customers, or partners.
One in 12 businesses have fallen victim to impersonation fraud, a recent report found, and there has been a 58% rise in this type of crime this year. However, the data is based only on reported fraud cases, the report noted, so the true scale of the problem is likely much larger. Fear of punishment also keeps employees from reporting cybersecurity mistakes, the report found: One in 20 employee victims of impersonation fraud said they were so ashamed that they hid their mistake from their team. However, hiding an issue like this likely causes further problems, the report noted. If the systems have been compromised, the criminals may be able to access other critical information, or make new requests, increasing losses.