Corporate emails have emerged as prime targets for cyberattacks, particularly Business Email Compromise (BEC) attacks in Mexico. These malicious endeavors by cybercriminals aim to gain unauthorized access to sensitive information by deceiving employees into divulging confidential data. As BEC attacks surge in frequency, it is crucial for businesses to fortify their cybersecurity defenses and cultivate a vigilant workforce.
"Cyberattacks involving social engineering continue to have a significant impact in Mexico and the world. In fact, BEC attacks often start with a fraudulent email that appears to come from a legitimate source, requesting the victim to click on a link, open an attachment or disclose confidential information," says Felipe Méndez, Cybersecurity Leader, IQSEC.
Kaspersky reports that BEC attacks have intensified in Mexico, as the country is the 15th most targeted in the world. BEC attacks have increased significantly since the pandemic, accounting for more than 50% of cybersecurity incidents.
In BEC attacks, hackers often design fake email addresses to make it appear as if the message is coming from a familiar source. The emails usually contain urgent or time-sensitive requests, enticing employees to take immediate action. When successful, attackers usually commit financial fraud or carry out further attacks given that the company's system is already compromised.
A recent report by Abnormal highlights that HR employees are more prone to opening malicious emails. Simultaneously, sales, project engineering and account executive personnel are also susceptible to falling for phishing emails. Understanding these vulnerabilities allows organizations to tailor their cybersecurity training accordingly.
"The compromise of corporate email stands out as an effective strategy. According to FBI reports, each BEC incident carried out in Mexico can cost the affected companies around $124,000," says Méndez.
The Annual Data Breach Investigations Report (DBIR) for 2023 revealed that 74% of cyberattacks directly result from human involvement, which includes errors, privilege misuse, stolen credentials and social engineering tactics. Additionally, 94% of cyberattacks worldwide remain primarily motivated by financial gains through ransomware payments.
To protect against BEC attacks, IQSEC advises organizations to implement strong cybersecurity practices, such as multi-factor authentication, employee training on recognizing phishing attempts, email security protocols and ongoing monitoring of suspicious email traffic. As the frequency and sophistication of BEC cyberattacks continue to rise, businesses in Mexico must adopt a proactive stance to protect sensitive information and financial assets.