jumped 45% in the final quarter of 2016, compared to the previous three months, according to new stats from Proofpoint. The security vendor claimed such attacks have grown both in volume and sophistication.

Also known as “CEO fraud” and “whaling”, these attacks typically involve fraudsters spoofing the email addresses of company CEOs to trick staff members into transferring funds outside the company. However, Proofpoint also includes attempts to target HR teams for confidential tax information and sensitive employee data, as well as engineering departments which may have access to a wealth of lucrative corporate IP.

In its analysis of over 5000 global enterprise customers, it claimed that in two-thirds of cases the attacker spoofed the “from” email domain to display the same as that of the targeted company. These attacks can thwart some systems, because they don’t feature malware as such – just a combination of this domain spoofing and social engineering of the victim to force them to pay up.

Part of the trick is to harry the target, rushing them so they have less time to think about what they’re doing. That’s why over 70% of the most common BEC subject line families appraised by Proofpoint featured the words “Urgent”, “Payment” and “Request”.

The vendor claimed that firms in the manufacturing, retail and technology sectors are especially at risk, as cyber-criminals repeatedly look to take advantage of more complex supply chains and SaaS infrastructures.

Vice-president of products, Robert Holmes, argued that although employee education was important, it needs to be complemented by the right set of tools to weed out fraudulent emails.

“When it comes to BEC attacks, employees should never be an organization’s first line of defense. It is the organization’s responsibility to ensure that security technologies are in place, so that BEC attacks are stopped before they can reach their intended target,” he told Infosecurity Magazine.

BEC has become so popular among the black hats that the FBI warned organizations last year the scams had cost billions since 2013. Trend Micro predicted that 2017 would see more and more cyber-criminals turn to BEC given the potential rich pickings – claiming the average pay-out is $140,000, versus just $722 for a typical ransomware attack.

However, Holmes argued that ransomware and BEC actors are likely “two distinct types of criminal”.

“While ransomware attacks require technical infrastructure to launch campaigns at scale, BEC attacks are socially engineered and highly targeted in nature, conducted by a single actor rather than teams, and generally launched from shared email platforms,” he explained.

“While cyber-criminals will always go where the money is, we do not envision a drastic change in tactics such as traditional purveyors of ransomware transitioning to BEC. As long as ransomware and trojans continue to pay, cyber-criminals with technical skillsets are unlikely to down tools and pivot towards such a fundamentally different type of attack vector.”
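As an added illustration (not code from Proofpoint or the article), the following sketch shows how a mail gateway could flag the two traits the Proofpoint figures describe: a "from" domain identical to the company's own on a message that did not pass DMARC, and the subject words “Urgent”, “Payment” and “Request”. The domain example.com, the gateway name mx.example.com and the sample messages are constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr

ORG_DOMAIN = "example.com"           # assumption: the protected company's domain
TRUSTED_AUTHSERV = "mx.example.com"  # assumption: authserv-id of our own gateway
PRESSURE = re.compile(r"\b(urgent|payment|request)\b", re.I)  # words cited above

def dmarc_result(msg):
    """Return the dmarc= verdict stamped by our own gateway, else 'none'."""
    for value in msg.get_all("Authentication-Results", []):
        authserv, _, results = value.partition(";")
        if authserv.strip().lower() != TRUSTED_AUTHSERV:
            continue  # a header not written by our gateway may be forged
        match = re.search(r"\bdmarc=(\w+)", results, re.I)
        if match:
            return match.group(1).lower()
    return "none"

def assess(raw):
    """Return the list of reasons a raw RFC 5322 message looks like BEC."""
    msg = message_from_string(raw)
    from_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    reasons = []
    if from_domain == ORG_DOMAIN and dmarc_result(msg) != "pass":
        reasons.append("own-domain From without DMARC pass")
    if PRESSURE.search(msg.get("Subject", "")):
        reasons.append("pressure wording in subject")
    return reasons

# Constructed sample messages (not real traffic).
SPOOFED = """\
Authentication-Results: mx.example.com; spf=fail; dmarc=fail header.from=example.com
From: "Chief Executive" <ceo@example.com>
Subject: Urgent payment request

(constructed body)
"""
LEGIT = SPOOFED.replace("spf=fail; dmarc=fail", "spf=pass; dmarc=pass")
FORGED_STAMP = SPOOFED.replace("mx.example.com; spf=fail; dmarc=fail",
                               "mx.sender.invalid; spf=pass; dmarc=pass")

if __name__ == "__main__":
    for name, raw in (("spoofed", SPOOFED), ("legit", LEGIT),
                      ("forged stamp", FORGED_STAMP)):
        print(name, assess(raw))
```

The subject-word check alone also fires on legitimate internal mail, so it is useful only as a secondary signal next to the authentication result.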
Financial institutions worldwide, including those in the country, have been implored to be extremely cautious of the growing cyber-attacks that put them at greater risk this year than before. The report further cautions that a slight mistake could cause great cash loss to financial institutions, as happened to the Bangladesh Central Bank. The Sophos report indicates that financial infrastructure is at greater risk of attack.

“The use of targeted phishing and 'whaling' continues to grow. These attacks use detailed information about company executives to trick employees into paying fraudsters or compromising accounts.

“We also expect more attacks on critical financial infrastructure, such as the attack involving SWIFT-connected institutions which cost the Bangladesh Central Bank $81 million in February,” reveals the report.

The caution follows a recently published report by cybersecurity giant Sophos, which shows that the attacks are expected to increase this year. Expounding further, the report indicates that the year 2016 saw a huge number and variety of cyber-attacks, ranging from a high-profile DDoS using hijacked Internet-facing security cameras to the alleged hacking of party officials during the US election. The Sophos report also notes a rising tide of data breaches at organisations big and small, and significant losses of people's personal information.

“Since the year 2016 is over, we're pondering how some of those trends might play out in 2017,” it notes.

The report indicates that the current and emerging attack trends include destructive DDoS attacks using IoT devices, which are expected to rise.

“In 2016, Mirai showed the massive destructive potential of DDoS attacks as a result of insecure consumer IoT (Internet of Things) devices. Mirai's attacks exploited only a small number of devices and vulnerabilities and used basic password guessing techniques,” part of the report indicates.

However, the report claims that cybercriminals will find it easy to extend their reach because there are so many IoT devices containing outdated code based on poorly-maintained operating systems and applications with well-known vulnerabilities.

“Expect IoT exploits, better password guessing and more compromised IoT devices being used for DDoS or perhaps to target other devices in your network,” it notes.

It shows there is a shift from exploitation to targeted social attacks.

“Cybercriminals are getting better at exploiting the ultimate vulnerability - humans. Ever more sophisticated and convincing targeted attacks seek to coax users into compromising themselves. For example, it's common to see an email that addresses the recipient by name and claims they have an outstanding debt the sender has been authorised to collect,” explains part of the report.

It further states that shock, awe or borrowing authority by pretending to be law enforcement are common and effective tactics, saying that the email directs them to a malicious link that users are panicked into clicking on, opening them up to attack.

“Such phishing attacks can no longer be recognised by obvious mistakes,” it states.

SWIFT recently admitted that there have been other such attacks and it expects to see more, stating in a leaked letter to client banks that the threat is very persistent, adaptive and sophisticated - and it is here to stay.

The Sophos report notes that there is increasing exploitation of the Internet's inherently insecure infrastructure. All Internet users rely on ancient foundational protocols and their ubiquity makes them nearly impossible to revamp or replace