security how did it end up like this?


Small in volume, but big on financial impact. Business Email Compromises (BEC) make up only ~1% but result in over $350 million in direct losses.

Attackers draw from current events to make emails more convincing, like the COVID lure example used below.

BUSINESS EMAIL COMPROMISE (BEC)

IMPERSONATION

Backdoors aren’t necessary when users provide the key to the front door. The objective for many phishing attacks is stealing account credentials.

It Started Out With a Phish: How Did It End Up Like This?

2021 SECURITY REPORT

SECURITY

STOLEN CREDENTIALS

URL REDIRECTS TO CREDENTIAL HARVESTER IMPERSONATING MICROSOFT ONEDRIVE:

https://f000.backblazeb2[.]com/file/analog-bitness-59f08259/index.html

9.3% of all malicious attacks involve credential harvesters

ATTACKER HIJACKS THREAD AND PIVOTS TO ATTACKER ACCOUNT

The average BEC request is nearly $1.5M

IDENTITY DECEPTION LIKE DISPLAY AND DOMAIN NAME SPOOFING MAKE UP NEARLY 9% OF ATTACKS

THE TOP 10 IMPERSONATED BRANDS ACCOUNT FOR OVER 56% OF ALL SPOOF- AND IMPERSONATION-BASED PHISHING ATTACKS


COMPROMISED SENDER

LEGITIMATE, BENIGN EMAIL THREAD
