COVID-19 spear-phishing lures and rise in BEC attacks targeting businesses


Barracuda has released a new report with key findings about the ways that cybercriminals are continuing to adapt their tactics to capitalise on current events.

The report, titled Spear Phishing: Top Threats and Trends Vol. 5 – Best practices to defend against evolving attacks, revealed a rise in number of business email compromise (BEC) attacks, which make up 12% of all spear-phishing attacks targeting businesses, up from just 7% in 2019.

According to the report, a huge 71% of spear-phishing attacks include malicious URLs, compared with only 30% of BEC attacks, as hackers using BEC attacks are able to make stronger inroads with their victims, first establishing trust and encouraging a reply to their email, with the lack of a URL making it harder to detect the attack.

The report also found that COVID-19-related angles are still a favourite lure for scammers looking to net unsuspecting victims, with fake cures and donations being the most popular bait in less targeted attacks. In fact, researchers found that a huge 72% of COVID-19-related attacks involved scamming, compared to only 36% of overall attacks.

Worryingly, researchers also found that 13% of all spear-phishing attacks come from internally compromised accounts, underlining the need for organisations to do more in protecting internal as well as external email traffic.

“Cybercriminals across the globe continue to adapt their approaches in exploiting current events in order to find the best lure to entice unsuspecting users, said Mark Lukie, Engineer Manager, Barracuda APAC.

“Understanding how your organisation could be vulnerable and staying up-to-date about the latest tactics and threats while taking the proper precautions to stay protected, is the only way to avoid falling victim to scammers’ latest tricks,” he added.

See the full report