AI behind surge in business email compromise attacks


Social engineering-based business email compromise (BEC) attacks have risen by 1,760% in the past year, mostly fueled by the advancements in generative artificial intelligence (GenAI).

While painful for victims, BEC attacks accounted for only one percent of cyberattacks in 2022. However, this number rose drastically to 18.6% last year, with security company Perception Point – which highlighted the change in its newest report – believing that AI is to blame.

BEC is said to be the most profitable segment of online fraud. Cybercriminals craft creative emails that impersonate companies and business executives, fooling their victims into handing over their data and money.

“GenAI has fueled the phenomenal growth in BEC attacks, facilitating incredibly well-crafted and targeted social engineering-based attacks that are challenging to detect,” Perception Point said.

Phishing remained the top cyber threat, accounting for over 70% of attacks. The company also observed a new “trending threat” called quishing. This refers to cybercriminals exploiting QR codes and redirecting them to users who are tricked into scanning them. They lead to malicious sites designed to steal credentials and other data.

“Attackers are exploiting the prevalence and inherent trust of QR codes in modern life to turn a straightforward scan into a serious threat,” the company noted.

According to the report, six percent of QR codes sent via email last year were, in fact, malicious.

Two-step phishing attacks also saw a significant increase last year. In these attacks, threat actors exploit legitimate website-building, hosting, or file-sharing companies to evade detection.

"Organizations of all sizes are entering a new frontier with the proliferation of GenAI and its implications on their security posture. We are witnessing an unprecedented surge in social engineering threats and highly evasive attacks that demand innovative security solutions," said Yoram Salinger, CEO at Perception Point.