top of page

Invoice or payment fraud attacks that target group email boxes jump more than 200%

New research found that business email compromise (BEC) attacks focused on invoice or payment fraud and targeting group mailboxes increased 212 percent from second to third quarter.

While invoice and payment fraud attacks on the c-suite are still prevalent, the sharp rise in attacks on group email boxes was significant because it pointed to a new favourite attack vector.

“Sending to group email boxes is a great way for attackers to gain credibility,” said Ken Liao, vice president of cybersecurity strategy at Abnormal Security, which posted its third quarter BEC report today. “The attackers can send the email around and once colleagues see that one or two of their co-workers have responded they are more likely to click. It’s also a good line of attack because you don’t need to get to the CFO or c-suite to get an invoice approved.”

The report also found that Q3 was marked by a 155 percent overall increase in invoice and payment fraud BEC attacks across the eight industries studied. Liao said while this trend was particularly notable for the retail-consumer goods and manufacturing sector, it was also strong in the other verticals Abnormal studied: energy/infrastructure, finance, hospitality. media/TV, medical, services, and technology. 

Colin Bastable, CEO of Lucy Security, agreed with Liao that attacks on group email boxes have a higher probability of being opened on receipt, or forwarded internally and then opened. “Being forwarded internally adds legitimacy to phishing emails,” Bastable said.

“Access to group email boxes is also often delegated to valuable targets such as personal assistants, diary keepers, and gatekeepers: ‘can-do’ people who are likely to bring the email to the attention of the intended targets, or who will open files and initiate the fraud.”

Jamie Hart, cyber threat intelligence analyst at Digital Shadows, added that by targeting group mailboxes versus c-suite, cybercriminals are using the “spray and pray” method: The criminals send the same email to a larger group of individuals hoping that at least one of them will open the attachment or follow the link.

“With more employees working remotely, employees are less likely to verify the validity of an email or an attachment,” Hart said. “Additionally, targeting group mailboxes ensures that the email gets delivered to several employees using only one email address. This method requires the same amount of effort from a cybercriminal with the potential for higher success.”

It’s advised beefing up security & fraud awareness training to help users be aware of the potential dangers around BEC attacks, invoice fraud and working within group mailboxes. Users need to understand the dangers and potential costs of opening and acting on the content of these emails.

Accredex in partnership with FPP have designed a unique e-learning course that defines and explains how raising awareness on Procurement Fraud can be extremely beneficial to your employees, your business reputation and your 'bottom line' financial results

For less than the cost or your daily cup of coffee our online e-learning return on investment figures are enormously compelling.

Get in touch to learn how we can help you introduce e-learning practices to mitigate fraud in your organisation.

20 views0 comments


bottom of page