According to the Symantec Internet Security Threat Report – Email Threats 2017 , business email compromise (BEC) scams target around 8,000 businesses every month, sending five such emails per month to a targeted company in the hopes of at least one slipping through the cracks.
“Picture yourself as a junior-level accountant in a mid-sized company. It is your first job – you’re stressed, overworked and keen to prove yourself. An email comes through titled ‘URGENT’, from an email ID almost identical to that of your boss or client. Naturally, you reply and ask what you can do to help. You may have also just been scammed,” Symantec said.
The report also found that malware has become so common in 2017 that one in nine email users have encountered malware so far this year, and that figure continues to grow.
However, business losses are not limited to direct financial losses. The Symantec report suggested that companies with effective spam filters, which stop the vast majority of malware emails getting through, are effectively employing two people for every 100 employees to deal with the incoming spam.
“Attackers appear to be targeting certain businesses at higher rates than others. Some industries are particularly targeted, often seeing threat rates twice as high as the overall average,” the report said.
Those industries most heavily targeted are headed up by wholesale trade, where close to one in four (23.8 per cent) of employees have been identified as receiving malicious emails.
This is closely followed by mining (22.6 per cent), and then agriculture, forestry and fishing (18.4 per cent), public administration (16.9 per cent), retail trade (14.4 per cent) and construction (12.9 per cent).
Businesses looking to minimise their exposure to malevolent emails should, according to Symantec, focus their efforts on three main culprits: bills and invoices, package deliveries and scanned documents.