Wire Transfer Phishing Scams See Year-End Surge

The end of 2015 brings one trend that won’t make any business feel better as the year wraps up: an increase in wire transfer scams being perpetrated by cybercriminals.

A new report by APWG, titled Phishing Activity Trends, shows that the number of phishing attacks has increased in the final quarter of the year, surging above what was seen in the first three quarters of 2015.

While payment and financial service providers came in second on the list of the most targeted industries, the data shows that wire transfer scams are on the rise. The most targeted industry still, according to the data, is Internet Service Providers.

Overall, what phishers gain through the targeted scams is personal data and credit card credentials, along with access to domain names and hosting management credentials, which is also linked to payment information.

The most common form of these phishing scams is email, including what are called Business Email Compromise (BEC) scams. In a BEC scam, the phisher tricks the end user into transferring funds into an account that is actually run by cybercriminals. Throughout 2015 this trend continued, as FBI data showed a whopping 270 percent increase in losses connected with BEC scams.

“BEC scams seek to socially engineer the employees of a business,” said Carl Leonard, Principal Security Analyst at APWG member Raytheon-Websense. “The attacks use a form of spear-phishing, and initial attacks sent the spear-phishing emails from free domain names that closely resembled the victim company’s domain name. Later attacks used a forged ‘from’ address that matched the victim’s domain. We strongly encourage that businesses educate their employees about the dangers of these scams and implement technologies that intercept the incoming emails.”
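The two sender patterns described in the quote above (a near-miss domain, then a forged From on the company's own domain) can be screened for at the mail gateway. The sketch below is an added example, not part of the original article or any APWG tooling; the domain `example-corp.com`, the sample messages and the threshold of two edits are constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr

COMPANY_DOMAIN = "example-corp.com"  # assumption: the protected organisation's domain

def edit_distance(a, b):
    """Levenshtein distance, used to spot near-miss domains."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify_sender(raw_message, company=COMPANY_DOMAIN):
    """Label an inbound message by how its From domain relates to ours."""
    msg = message_from_string(raw_message)
    _, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    if not domain:
        return "no-sender"
    if domain == company:
        # Forged-From case: mail claiming our own domain must carry a DMARC
        # pass. Assumption: the receiving gateway strips any inbound
        # Authentication-Results headers and writes its own.
        results = " ".join(msg.get_all("Authentication-Results", [])).lower()
        return "internal" if re.search(r"\bdmarc=pass\b", results) else "forged-own-domain"
    if edit_distance(domain, company) <= 2:  # threshold is an assumption
        return "lookalike-domain"
    return "external"

# Constructed sample messages, not taken from any real incident.
SAMPLES = {
    "lookalike": "From: CEO <ceo@examp1e-corp.com>\nSubject: Urgent wire\n\nPlease pay today.",
    "forged": ("From: CEO <ceo@example-corp.com>\n"
               "Authentication-Results: mx.example-corp.com; spf=fail; dmarc=fail\n"
               "Subject: Urgent wire\n\nPlease pay today."),
    "genuine": ("From: CFO <cfo@example-corp.com>\n"
                "Authentication-Results: mx.example-corp.com; dkim=pass; dmarc=pass\n"
                "Subject: Q4 close\n\nSee attached."),
    "vendor": "From: Billing <billing@vendor.example>\nSubject: Invoice\n\nAttached.",
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(f"{name:10s} -> {classify_sender(raw)}")
```

Messages labelled `lookalike-domain` or `forged-own-domain` are candidates for quarantine or a banner warning before they reach staff who can authorize wire transfers.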

And as the cybersecurity trends have shown this year, no company is immune to such attacks.

“All types and sizes of companies are vulnerable to BEC scams. I’ve seen companies with under 10 employees being targeted. All businesses should therefore assume that they have been researched by a criminal who has determined the names and email addresses of the employees who can authorize and execute wire transfers. Businesses can also protect themselves by allowing bank transfers only after multiple internal approvals,” remarked APWG Senior Research Fellow Greg Aaron.

In March 2015, addressing a crowd at Innovation Project 2015, retired four-star General Keith Alexander, the former director of the National Security Agency, quieted the crowd with his rather sober assessment of the future of cybercrime and cybersecurity.

Over the next two years, cyber attacks will get worse before they get better.

Now, heading into 2016, that seems to be the same sentiment in the cybersecurity industry. Speaking to VentureBeat, Ted Schlein — a general partner at Kleiner Perkins Caufield & Byers and an investor in the cybersecurity space — explained how, as also mentioned by Dow Jones CEO William Lewis, “no company is immune” to breaches.

“There are only two types of companies in the world: those that have been breached and know it and those that don’t,” Schlein said in the VentureBeat interview. “There’s not a company around that if a bad guy wants to get in, they won’t. You can try and make a high and mighty argument that ‘you can’t touch me,’ but it won’t happen. You have to change the method and make the breaches irrelevant.”

As the cybersecurity industry continues, and as more breaches occur, staying in touch with the latest cybersecurity trends and threats has become even more critical. Staying on top of security trends is an obvious benefit for businesses, but that’s a concept that’s easier said than done.