CYREBRO’s Fraud Analysis Sheds Light on How to Fight Against BEC and Fraud

Fraud is nothing new and has existed well before the world wide web came into play. But with constant digital transformations and advancements in technology, it’s expected that fraud too will evolve and shift, becoming ever more dangerous and complex. Con artists continue to keep up with security trends, including digital resources, content, and organizational processes. The latest 2021 FBI crime report showed an estimated $2.4 billion in losses from BEC (business email compromise) schemes alone and was standing high at $4.2 billion the previous year.

CYREBRO has carefully investigated and analyzed two dozen fraud cases to determine common factors, like attacker actions, their intent, and those most at risk. Our sample size ranged from micro to enterprise-level organizations with varying network architectures, software, and network management solutions to provide greater insight and details readers can use to educate and protect themselves against modern fraud.

These key findings, based on our investigative report, have also allowed us to identify ways in which companies could have protected themselves.

Key Fraud Prevention Findings

Over the course of this analysis, CYREBRO was able to identify several key findings that can assist with fraud prevention from both internal and external threats. Our finding cover and explain:

  • The need to have an enforced MFA
  • The importance of password changes
  • IP whitelisting and geolocation locking
  • The implementation of cyber security awareness programs

Each of these recommendations for limiting exposure to cyber threats is broken down and expanded on in our investigation analysis, which organizations can use to stay up to date on modern security measures.

Our findings have shown where these online fraudsters originated from and the prevalent use of virtual private networks (VPNs), which essentially allows bad actors to hide their location, making it difficult to locate them.

While businesses should be alert to external threats like these, our fraud investigation has also revealed how insider incidents—meaning those that occur from within the company either through malice or carelessness—has risen sharply in the past two years.

The Humble Beginnings of a Fraud Attack Chain

Our analysis indicates that fraud attacks generally aren’t these big elaborate schemes, as the news media may suggest—which often features grandiose ransomware incidents and supply chain disruption. They’re simple, and most start with a basic phishing attack often sent as a generic mass email or through social media—a method known as “spray and prey”. The goal is simple—get the individual to click on a malicious link or attachment or secure personal information and credentials through phishing websites that appear legitimate.

If you’ve ever come across a website whose domain name is nearly identical to a legitimate business, e.g., but is slightly off, that’s a phishing website.

In a business or organization, the employees most at risk are those who have non-technical roles and who may not have familiarity with the difference between traditional emails and phishing emails. They may also have less awareness of cybersecurity in general, which leaves them vulnerable right from the start. Cybercriminals take advantage of these unaware employees by appealing to them with a sense of urgency. Subject headers in emails, for example, may read “Urgent” or “Important”, making it easier to get the victim’s attention and lure them in.

The analysis we uncovered can help organizations prepare themselves for any potential threats or attacks. You can learn more about reducing your risk and keeping your business protected from BEC scams and fraud in our full report.

Think Like the Fraudsters

Our investigation also highlights the attacker’s timeline in BEC scams and wire fraud. When organizations and teams can work together to determine the steps that were taken and the order they were taken as well as understand the planning and tactics eschewed by fraudsters, it gives everyone the opportunity to recognize an attack when it occurs and helps them to identify patterns of unusual behavior.

For example, an attack may begin with the “spray and prey” method discussed above in which a mass email is sent to random users, followed by a victim getting hooked, followed by the attacker learning more about the organization from their bait, and so on. Our report walks you through every step of this timeline that leads to successful fraudster Tactics, Techniques, and Procedures (TTP).


Cyber-attacks have the ability to be not only disruptive but disastrous for businesses, with one or two successful attacks leading to further losses. Given fraud’s lengthy and prominent history in our ever-changing tech-driven world (particularly when it comes to Business Email Compromise related fraud which accounted for 37% of all security-related losses last year) CYREBRO has been able to track and investigate fraud to provide valuable insight into the modern fraudsters attack methodology.

Using the first interactive SOC Platform, organizations can maintain business continuity and receive alerts about suspicious and irregular emails or fraudulent activity within their network’s infrastructure. Keeping you aware and safe from fraud and financial losses.

Read the full report here – 2022 Fraud and Email Compromise Investigation Analysis

Sign Up for Updates