New Research from Abnormal Security Highlights 10X Increase in Business Email Compromise Attacks in Europe

BEC continues to grow in Europe, with spike over the summer holidays

Abnormal Security, the leading behavioral AI-based email security platform, today released new data that showcases business email compromise (BEC) attack trends in Europe, revealing that European organizations experienced a greater volume and frequency of BEC attacks over the last year, as compared to organizations in the United States.

The data is based on an analysis of email attack trends observed across Abnormal customers between June 2022 and May 2023. This included an analysis of traditional BEC attacks like executive impersonation, vendor-focused invoice, and payment fraud, as well as credential phishing, malware, and extortion.

According to the data, the total number of email attacks steadily increased in both the United States and Europe over the course of the year. However, email attacks in Europe increased at a slightly faster rate. While total attacks in the United States grew by 5x between June 2022 and May 2023, Europe saw total attacks increase by 7x during the same period—to an average of 2,842 attacks per 1,000 mailboxes in May.

When evaluating BEC attacks specifically, the disparity was even greater. Between June 2022 and May 2023, BEC attacks in the United States increased by just over 2x. Meanwhile, in Europe, there was a 10x increase in BEC attacks, from an average of one attack to an average of 10 attacks per 1,000 mailboxes.

The data also tracked the likelihood of a company receiving a business email compromise or vendor email compromise (VEC) attack throughout the year. Similarly, both the United States and Europe saw these risks increase throughout the year. However, while in the United States, the trajectory of these increases was fairly steady, in Europe, the data showed a spike in the likelihood of receiving a BEC or VEC attack in August. One reason for this sudden increase may be due to a cultural difference between Europe and the United States when it comes to summer holidays.

Marketing Technology News: MarTech Interview with Lindsay Sanchez, CMO at Khoros

“August is when most Europeans take their annual holiday, and it’s not uncommon for employee leave to be highly concentrated around this time, especially when compared to the United States, where peoples’ vacations tend to be more evenly spread throughout the summer months,” said Chris Martin, European Director at Abnormal. “Attackers can expect that many European employees will be away from their computers or distracted around this time—a perfect opportunity to target victims who are more likely to mistakenly fall for a social engineering attack.”

Martin continued, “Despite various nuances in the BEC attack trends across the United States and Europe, the data shows that one thing is clear: BEC attacks are on the rise, and organizations are susceptible no matter where they are located.”

To prevent these attacks, enterprises will need an intelligent cloud email security solution that can precisely detect and block attacks before they reach email inboxes. The Abnormal platform uses behavioral AI to baseline known-good behavior across employees, vendors, applications, and tenants in the email environment. By understanding what is normal, Abnormal can then detect anomalies and remediate malicious emails in seconds—before employees have an opportunity to engage with them.

Marketing Technology News: The Bonfire of the Vanity URLs