Business Email Compromise (BEC) is a growing form of cybercrime that targets specific individuals or businesses. Attackers use impersonation and language-based tactics to deceive victims into taking certain actions, with the aim of making illicit financial gains or extracting sensitive business information. Using deep learning and the latest advances in Natural Language Processing, Sophos has built powerful technology that accurately detects the tone and malicious patterns used in such targeted email attacks. The technology allows email security vendors to expand their value proposition with BEC prevention and anti-spear-phishing capabilities.
- Sophos’ latest 2023 Threat Report reveals the rise of the "Phishing-as-a-Service" model. The Data Breach Investigations Report (DBIR 2023) adds further evidence, observing that pretexting or BEC and spear phishing threats are becoming more prevalent than other forms of social engineering attacks.
- Instead of the usual tradecraft of malware-laden emails with malicious attachments or URLs, attackers deploy highly targeted social engineering, adopting the language and tone that senior executives or trusted sources use.
- Scammers deceive unsuspecting victims by posing as trustworthy sources or individuals and using language that conveys urgency or authority, either to extract sensitive information or to persuade victims to take certain actions, like transferring money, updating passwords, and modifying shipping orders or invoices. Attackers use the extracted details to commit more cybercrimes and cause greater financial and reputational damage, yet manage to remain undetected.