Cybercriminals have been going to great lengths throughout 2020 to obtain confidential information, such as log-in details, that lets them bypass a company’s security systems, and to commit theft or fraud by manipulating employees with fake or doctored emails. While this form of online social engineering had declined from Q4 2019 to Q1 2020, the arrival of the global pandemic provided cybercriminals with the perfect cover for ramping up email attacks. Our global data shows that, coinciding with the increase in remote working during the second quarter, employees have been more likely to fall for social engineering scams, with organizations in the middle market most likely to be victimized.
Remote working poses challenge for prevention and detection
During the second quarter of 2020, cybercriminals had greater success in duping employees with phishing and social engineering scams. The number of incidents involving social engineering and business email compromise (BEC) reported to Beazley Breach Response (BBR) Services grew over Q1, even as the total incident count fell slightly.
The majority of social engineering attacks result in a BEC, where the cybercriminal gains access to an email account. However, in Q2 cybercriminals were most successful in stealing funds by using social engineering techniques to deliver fraudulent payment instructions without any system compromise.
With the expansion of the remote workforce, detecting and preventing social engineering scams has become more difficult. Employees are typically the first line of defense, but working remotely can make it harder for them to maintain a culture of compliance. While the increase in distractions that comes with caring for family members while working has been widely discussed, physical separation from the workplace is also a factor. Without a coworker at the next desk to consult, employees are less likely to do a “sense check” of a suspicious email. In fact, BBR Services has handled an increase in notifications involving employees who admit they did not notice anything suspicious.
In another development, BBR Services has noted a slowdown in the speed at which companies detected that payments were being redirected, particularly when the change to payment details had occurred near the beginning of the pandemic response.
Cybercriminals shift to the middle market; attacks become more sophisticated
Organizations in the middle market were increasingly likely to be targeted compared to smaller organizations, and reported 60% of these incidents, up from 46% in Q1. To the extent middle market organizations have been more resilient in carrying on day-to-day operations during the pandemic, their employees are more available to be targeted. And for cybercriminals, particularly those who can execute more sophisticated attacks, middle market organizations are richer targets.
Fraudulent instruction incidents grew in Q2
Not all scams require such sophistication to be successful. Social engineering incidents involving fraudulent instruction grew the most in Q2, compared to Q1, according to global figures reported by BBR Services. In these incidents, the victim’s system is not always compromised, but the cybercriminals use social engineering to convince an employee to change wire instructions, thus diverting payments to an account they control, or to take some other action that leads to financial loss.
Healthcare, financial institutions, manufacturing, real estate, and education were the most targeted industries in Q2 2020. Middle market organizations were again the primary target of all fraudulent instruction attacks, reporting 55% of incidents in Q2, compared to 24% in Q1 2020.