The Simple Social Engineering Technique
Business email comprises (BEC) attacks are one of the well-paying methods for attackers. FBI reports that businesses are losing over $700 million a month falling for phishing attacks, BEC attacks and simple gift card scams. This percentage of victimization is on the rise. Agari, an email security firm reported that businesses witnessed a gradual rise in gift card scams in 2019 ending quarter. The percentage rise of 6% from 56% to 62%, out of all the BEC attacks. Here, an attacker firstly compromises any of the top executive’s email and messages his subordinates to wire transfer or buy a gift card for some cause. And the request being from the boss, most would eventually comply and do so, losing the money. The general reasons quoted for wire transferring the money could be anything, from fake invoices to business deals or new contracts, which the subordinate belief in. And for gift card scam, it would be carefully crafted and released accordingly to seem attractive. The last holiday season has yielded much for the adversaries, making them super-rich.
From $250 to $10,000
The gift card scams are simple and are more of social engineering techniques rather than technical hijackings. Reports say the minimum amount of these scams start from as low as $250 to more than $10,000 for each gift code. The average amount was said to be $1,627 and these would be targeted across multiple departments of the same organization!