Spotlighting BEC Attacks in Europe: A Region At Risk

Business email compromise, or BEC, continues to be a major security threat for businesses throughout the world. In fact, just last week, the FBI published an updated public service announcement estimating that BEC attacks generated more than $50 billion in losses across 177 countries over the last nine years. Between December 2021 and December 2022 alone, there was a 17% increase in losses worldwide.

Why? Because these text-based attacks are particularly difficult for traditional tools to detect, meaning they make their way to the inbox, where employees can engage with them. The FBI data paints a concerning picture of BEC’s potential for devastation across the globe. But how does that picture change when we break it down by region? Are some parts of the world faring better (or worse) than others?

Abnormal recently evaluated attack trends in our platform over the last year, looking at the United States and Europe specifically, and identified that one of these regions suffered a greater volume of attacks than the other—and by a longshot.

Between June 2022 and May 2023, both the United States and Europe saw increases in email attacks across the board. This increase includes traditional BEC attacks like executive impersonation plus vendor-focused invoice and payment fraud, as well as credential phishing, malware, and extortion.

This comes as no surprise. BEC has (and is continuing to) become increasingly difficult to detect, as cybercriminals get more sophisticated by the day. Especially with tools like ChatGPT and other generative AI platforms on the rise, lowering the barrier to entry for launching advanced attacks, it’s reasonable to expect an uptick in email attacks over time. The distinguishing factor, however, was the rate at which these attacks were increasing—particularly in Europe.

When looking at attack trends, Abnormal normalises data by number of attacks per one thousand mailboxes. In the United States, there were an average 482 attacks per 1,000 mailboxes in June 2022, and that number jumped to 2,553 attacks in May—a 5x increase. However, in Europe, attacks increased 7x during that time period—from an average of 392 attacks per 1,000 mailboxes in June 2023 to 2,842 attacks last month, surpassing the total number of attacks in the United States for the first time.

And when we looked at BEC specifically, here’s where the increase rates were staggeringly different. It’s worth noting that due to their targeted nature, the average organisation only sees a few of these each month. The US saw just over a 2x increase in BEC attacks over the course of the year, from five attacks in June 2022 to 12 attacks in May 2023. Europe, on the other hand? A starkly greater 10x increase, from one attack in June 2022 to 10 attacks in May 2023.

While the United States has been the target of cybercrime for quite some time, threat actor interest in Europe is clearly increasing—underscoring the need for more advanced security measures that will block attacks before they reach inboxes.

When we looked at how likely organisations were to receive BEC attacks, and their vendor-focused subset of VEC attacks, we again saw expected increases over the course of the year in both the US and Europe. A key difference, however, was that while in the US the upward trend remained fairly steady, Europe saw abrupt spikes in BEC and VEC attacks—particularly in August.

What is it about this time of the year that could make organisations more susceptible to attack, and why in Europe but not the United States?

One likely reason is a cultural difference between these regions when it comes to summer holidays, where August is known to be the most popular time of the year to step away from the office—particularly for Europeans. As a result, those employees who are checking email are more likely to be distracted and may complete actions from their mobile devices that they would think twice about when not on holiday. It appears that attackers use this opportunity to send BEC and VEC attacks and phishing links, knowing that employees are more apt to respond to emails that contain urgent instructions.

What does this tell security leaders? Namely that their employees always need to be on the lookout for attacks, but especially while out on holiday or shortly after returning.

Comparing email attack trends across multiple regions can shed light on particular vulnerabilities unique to different parts of the world, which is something we can all learn from—like the importance of being extra vigilant around the summer holidays.

But despite the differences in these regional trends, one takeaway rings loud and clear: email threats, and particularly BEC attacks, are on the rise everywhere. No matter where in the world you or your employees are located, it is crucial that you’re taking steps to ensure your organisation is well protected.

Organisations need modern email security that can detect modern threats, including the smallest shifts in activity and content that could indicate a potential attack. A solution that leverages artificial intelligence and machine learning to baseline known-good behaviour across employees and vendors will allow the platform to then detect and remediate malicious emails—including sophisticated and socially-engineered BEC emails— before they ever reach employee inboxes.

Curious to see how Abnormal can stop these attacks for organisations worldwide? Request a demo today.