According data, The businesses they lose over $ 700 million a month because their employees are falling victims phishing attacks, bulb scams and other scams. The worry is that financial losses appear to be increasing.
The hackers who aim at stealing money, often use phishing and impersonation techniques to deceive them employees companies and make them deliver hundreds of thousands of dollars. But, according to new data, cybercriminals are now accustomed to asking victims gift cards which may be worth just $ 250.
Agari researchers said in their report that phishing scams gift cards increased by the end of 2019, accounting for 62% of all BEC attacks.
In this type of attacks, the Criminals gain access to an employee's account and, using the stolen identities, send emails to other people in the organization to request gift cards.
Typically, the hackers represent some strain of her company and they ask an employee to do them a favor. The employees will hardly refuse a favor to their superior. Especially during holiday season gift card fraud is very common.
The average amount demanded by card hackers has risen to $ 1.627. The minimum amount is $ 250. In some cases, cybercriminals have demanded $ 10.000 worth of gift cards. In these cases, the hackers targeted multiple employees at once.
Gift cards are very useful for criminals because can be redeemed immediately. Hackers also receive the cards free of charge, at the expense of the victim, and can then sell them.
Usually, gift cards are requested for: Google Play, eBay, Target, iTunes and Walmart, Best Buy, Amazon, Steam and Apple Store.
The value of the cards can be considered small. But these attacks have increased. Therefore, the total money lost is a lot.
Of course, there are the more traditional ones BEC attacks, who are asking their victims transfer of large sums of money. According to experts, the attacks these have increased in the last quarter.
These attacks are a little more complicated for criminals. Many times they have to go into the inbox of their target and monitor their contacts and communications in order to emulate a particular person and ask for a large sum of money.
The average amount of money required for these scams is $ 55.000. At times, the attackers may even demand hundreds of thousands or millions of dollars. However, when excessive amounts are requested, suspicions are raised.
Criminals prefer them phishing and BEC attacks because they are very successful and usually simple. However, organizations and companies can be protected by taking more measures security, like him multi-factor authentication etc.
“Businesses need to understand that cyberattacks are no longer particularly complex. Most attacks today, such as BECs, are very simple social-engineering attacks and businesses need to make sure they have the right defenses to deal with these kinds of attacks, ”said one researcher.