BEC continues to grow in Europe, with spike over the summer holidays

Abnormal Security, the leading behavioral AI-based email security platform, today released new data that showcases business email compromise (BEC) attack trends in Europe, revealing that European organizations experienced a greater volume and frequency of BEC attacks over the last year, as compared to organizations in the United States.

The data is based on an analysis of email attack trends observed across Abnormal customers between June 2022 and May 2023. This included an analysis of traditional BEC attacks like executive impersonation, vendor-focused invoice, and payment fraud, as well as credential phishing, malware, and extortion.

According to the data, the total number of email attacks steadily increased in both the United States and Europe over the course of the year. However, email attacks in Europe increased at a slightly faster rate. While total attacks in the United States grew by 5x between June 2022 and May 2023, Europe saw total attacks increase by 7x during the same period—to an average of 2,842 attacks per 1,000 mailboxes in May.

When evaluating BEC attacks specifically, the disparity was even greater. Between June 2022 and May 2023, BEC attacks in the United States increased by just over 2x. Meanwhile, in Europe, there was a 10x increase in BEC attacks, from an average of one attack to an average of 10 attacks per 1,000 mailboxes.

The data also tracked the likelihood of a company receiving a business email compromise or vendor email compromise (VEC) attack throughout the year. Similarly, both the United States and Europe saw these risks increase throughout the year. However, while in the United States, the trajectory of these increases was fairly steady, in Europe, the data showed a spike in the likelihood of receiving a BEC or VEC attack in August. One reason for this sudden increase may be due to a cultural difference between Europe and the United States when it comes to summer holidays.

“August is when most Europeans take their annual holiday, and it’s not uncommon for employee leave to be highly concentrated around this time, especially when compared to the United States, where peoples’ vacations tend to be more evenly spread throughout the summer months,” said Chris Martin, European Director at Abnormal. “Attackers can expect that many European employees will be away from their computers or distracted around this time—a perfect opportunity to target victims who are more likely to mistakenly fall for a social engineering attack.”

Martin continued, “Despite various nuances in the BEC attack trends across the United States and Europe, the data shows that one thing is clear: BEC attacks are on the rise, and organizations are susceptible no matter where they are located.”

To prevent these attacks, enterprises will need an intelligent cloud email security solution that can precisely detect and block attacks before they reach email inboxes. The Abnormal platform uses behavioral AI to baseline known-good behavior across employees, vendors, applications, and tenants in the email environment. By understanding what is normal, Abnormal can then detect anomalies and remediate malicious emails in seconds—before employees have an opportunity to engage with them.

For more information on BEC attack trends across Europe, visit here.

To see the Abnormal platform in action, visit us at Infosecurity Europe at Booth T60 or request a virtual demo.

About Abnormal Security

Abnormal Security provides the leading behavioral AI-based email security platform that leverages machine learning to stop sophisticated inbound email attacks and dangerous email platform attacks that evade traditional solutions. The anomaly detection engine leverages identity and context to analyze the risk of every cloud email event, preventing inbound email attacks, detecting compromised accounts, and remediating emails and messages in milliseconds—all while providing visibility into configuration drifts across your environment. You can deploy Abnormal in minutes with an API integration for Microsoft 365 or Google Workspace and experience the full value of the platform instantly, with additional protection available for Slack, Teams, and Zoom. More information is available at abnormalsecurity.com.

View source version on businesswire.com: https://www.businesswire.com/news/home/20230621511230/en/