Email compromise scams on the up as ‘deep fake’ takes hold: AGCS
Business email compromise incidents are on the rise and will increase further in the ‘deep fake’ era, Allianz Global Corporate & Specialty (AGCS) has warned.
Business Email Compromise (BEC) is a type of scam targeting companies who conduct wire transfers and have suppliers abroad.
Corporate or publicly available email accounts of executives or high-level employees are either spoofed or compromised through keyloggers or phishing attacks to do fraudulent transfers, resulting in hundreds of thousands of dollars in losses.
BEC scams totalled $43bn globally from 2016 to 2021 according to the FBI, with a 65% spike in scams between July 2019 and December 2021 alone.
Increasingly, these attacks are enabled by artificial intelligence enabling ‘deep fake ‘audio or videos that mimic senior executives.
These attacks are becoming facilitated by growing digitalization and availability of data, the shift to remote working and, increasingly, “deep fake” audio or videos that mimic senior executives.
For example, last year a bank employee from the United Arab Emirates made a $35m transfer after being misled by the cloned voice of a company.
AGCS said the the war in Ukraine and wider geopolitical tensions are a major concern as hostilities could spill over into cyber space, causing targeted attacks against companies, infrastructure or supply chains.
This is made my significant for insurers by an evolving third-party liability landscape that means higher compensation and penalties, a growing reliance on cloud services, as well as the impact of a shortage of cyber security professionals.
Despite the rise in BEC scams, ransomware remains the top cyber risk for organizations globally
This accounted for well over 50% of all cyber claims costs during 2020 and 2021, according to AGCS data.
There was a record 623 million ransomware attacks in 2021, double that of 2020. Although frequency reduced by 23% globally during the first half of 2022, the year-to-date total still exceeds that of the full years of 2017, 2018 and 2019, while Europe saw attacks surge over this period.
Ransomware is forecast to cause $30bn in damages to organizations globally by 2023.
