The 2024 Annual Report: Cybersecurity Trends & Insights has uncovered alarming revelations about the rise of social engineering-based Business Email Compromise (BEC) attacks. According to the report, BEC attacks have surged by 1,760% from 2022 to 2023, marking one of the most profound escalations in cyber threats in recent years.

Attributing this surge to the widespread adoption of GenAI, the report details how cybercriminals leverage advanced technologies to enhance their social engineering tactics. GenAI’s capabilities allow attackers to craft more convincing and personalized phishing emails, increasing the likelihood that unsuspecting victims will click.

The report also sheds light on the emergence of quishing (QR code phishing) and two-step phishing. Quishing exploits QR codes: when people scan what appears to be a harmless QR code, they are directed to phishing websites. Meanwhile, two-step phishing attacks add complexity by requiring victims to take multiple actions, making them seem more trustworthy and, therefore, harder to detect and thwart. The ever-evolving nature of cyber risks highlights the need for organizations to adjust their security measures, including investing in AI-powered tools for detecting and combating threats.

Phishing continues to reign as the primary menace, constituting over 70% of all attacks. The report found that quishing accounted for 2.7% of all phishing attempts and that two-step phishing attacks surged by 175%. Organizations must prioritize user education and awareness so that users recognize phishing attempts and report them promptly, while implementing robust email filtering and threat detection solutions to intercept malicious emails before they reach users’ inboxes.

In addition, the report highlights a significant increase of 350% in Account Takeover (ATO) threats in 2023, with perpetrators exploiting compromised external accounts, such as Vendor Email Compromise, to launch highly targeted assaults. ATO attacks often start with credential harvesting techniques, such as phishing or credential stuffing, and can escalate to unauthorized access to sensitive systems or data. To mitigate ATO risks, organizations should implement multi-factor authentication (MFA) and regularly monitor account activity for suspicious behavior.

Brand impersonation attacks have also risen, with 55% targeting the victim’s employing organization. These attacks often involve spoofed emails or websites that mimic legitimate brands, deceiving recipients into divulging sensitive information or transferring funds to fraudulent accounts. To combat brand impersonation, organizations should implement email authentication protocols like SPF, DKIM, and DMARC to verify the authenticity of incoming emails and detect spoofing attempts.
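One way to act on the SPF, DKIM and DMARC verdicts for mail that impersonates the recipient's own organization is shown below. This is an added example, not code from the report or from any vendor named here; the domain, the authserv-id and the brand string are hypothetical assumptions, and the sample messages are constructed.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumptions (hypothetical values, not from the report):
TRUSTED_AUTHSERV = "mx.example-title.test"  # authserv-id stamped by our own inbound MTA
ORG_DOMAIN = "example-title.test"           # the employing organization's mail domain
ORG_NAMES = ("example title",)              # brand strings to watch for in display names

def auth_results(msg):
    """Collect spf/dkim/dmarc verdicts from Authentication-Results headers we trust."""
    verdicts = {}
    for value in msg.get_all("Authentication-Results", []):
        authserv, _, rest = value.partition(";")
        if (authserv.split() or [""])[0].lower() != TRUSTED_AUTHSERV:
            continue  # stamped by another host, so sender-controlled: ignore it
        for method, result in re.findall(r"\b(spf|dkim|dmarc)=(\w+)", rest.lower()):
            verdicts.setdefault(method, result)
    return verdicts

def classify(raw):
    """Return 'spoofed-own-domain', 'display-name-impersonation' or 'ok'."""
    msg = message_from_string(raw)
    display, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    dmarc = auth_results(msg).get("dmarc", "none")
    own = domain == ORG_DOMAIN or domain.endswith("." + ORG_DOMAIN)
    if own and dmarc != "pass":
        return "spoofed-own-domain"          # our domain in From, but DMARC did not pass
    if not own and any(name in display.lower() for name in ORG_NAMES):
        return "display-name-impersonation"  # our brand shown over someone else's domain
    return "ok"

# Constructed sample messages (headers only), for illustration.
SAMPLES = {
    "legit": 'From: "Pat Closer" <pat@example-title.test>\n'
             "Authentication-Results: mx.example-title.test; spf=pass; dkim=pass; dmarc=pass\n\nhi",
    "spoof": 'From: "CEO" <ceo@example-title.test>\n'
             "Authentication-Results: relay.unrelated.test; dmarc=pass\n"
             "Authentication-Results: mx.example-title.test; spf=fail; dmarc=fail\n\nwire today",
    "lookalike": 'From: "Example Title Accounting" <billing@unrelated.test>\n'
                 "Authentication-Results: mx.example-title.test; spf=pass; dmarc=pass\n\ninvoice",
}

if __name__ == "__main__":
    for label, raw in SAMPLES.items():
        print(label, "->", classify(raw))
```

The check is only as reliable as the border MTA: it must remove any inbound Authentication-Results header that already carries its own authserv-id before adding its verdict, as RFC 8601 describes.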

As cyber threats evolve and escalate, companies like Rynoh are a great ally in this battle, offering robust protection by integrating escrow accounting software and online banking systems. Rynoh’s features, including continuous end-to-end auditing, daily reconciliation, and anti-fraud algorithms, represent the gold standard in escrow and financial security software solutions, providing organizations with the resilience they need in today’s digital landscape. By investing in proactive cybersecurity measures and staying vigilant against emerging threats, organizations can mitigate the risk of falling victim to cybercrime and safeguard their assets, data, and reputation.