Executive Summary
The findings in this report come from the results of active defense engagements with BEC threat actors. Every month, Fortra conducts hundreds of these engagements to collect comprehensive intelligence about BEC tactics and trends to help better understand how the BEC threat landscape is evolving.
The primary findings for August 2024 detailed in this report include the following:
- Fortra observed a decrease of 48% in overall attack volume in comparison to the prior month.
- Gift cards were the most common cash out method, totaling 28.5% of all cash out methods.
- The average amount requested from BEC wire transfer attackers was $72,857 in August compared to $67,397 in July 2024.
- Regional U.S. banks proved to be the most common institutions of choice for wire transfer scammers, making up 26% of the total.
- Specialty banks were the most common institutions of choice for payroll diversion scammers, totaling 29%.
- 71% of BEC attacks were sent from email addresses hosted on free webmail providers compared to 29% of attacks sent from maliciously registered domains.
- Google was the primary webmail provider used by actors to send BEC campaigns, comprising 80% of the 1,519 free webmail accounts used by scammers.
- Nigeria was the primary location linked to BEC threat actors, with 39% of all BEC actors originating from Nigeria-based IP addresses.
During the month of August 2024, Fortra observed a decrease of 48% in overall attack volume in comparison to the prior month.
BEC Attack Trends
Gift cards were the most common cash out method (28.5%), followed by advance fee fraud (27.3%), credential phishing (7.8%), payroll diversions (4.8%), vishing (1.4%), and wire transfers (1.0%). Twenty-nine percent of the attacks in August 2024 requested other types of payment such as cryptocurrency.
BEC Wire Transfers
Wire transfer BEC attacks decreased by 61% in August.
The average amount requested from BEC wire transfer attackers was $72,857 in August compared to $67,397 in July 2024, an increase of 8%. During the month of August, 16% of wire transfer BEC attacks requested less than $10,000, while 63% of wire transfer BEC attacks requested between $10,000 and $50,000. For the other 21% of wire transfer BEC attacks, 5% requested between $50,000 and $100,000 and 16% requested more than $100,000.
During the month of August 2024, regional U.S. banks proved to be the most common institutions of choice for wire transfer scammers, comprising 26% of the total. This type of bank was followed by major U.S. banks (22%), specialty banks (22%), and international (non-U.S.) banks (22%).
BEC Payroll Diversions
During the month of August 2024, specialty banks proved to be the most common institutions of choice for payroll diversion scammers, comprising 29% of the total. This type of bank was followed by regional U.S. banks (23%), online banks (15%), major U.S. banks (13%), and international (non-U.S.) banks (12%).
For the month of August, 112 banks were utilized in payroll diversion scams.
BEC Infrastructure
71% of BEC attacks were sent from email addresses hosted on free webmail providers compared to 29% of attacks sent from maliciously registered domains. The share of attacks sent from free webmail providers decreased in August, down from 75% in July 2024.
For August 2024, Google was the primary webmail provider used by actors to send BEC campaigns, comprising 80% of the 1,519 free webmail accounts used by scammers. Other popular webmail providers included Microsoft and Verizon Media.
BEC Attack Locations
Nigeria was the primary location¹ linked to BEC threat actors in August, with nearly 39% of all BEC actors originating from Nigeria-based IP addresses. The United States was next, with 35% of the total attackers located there.