According to a recent report by Microsoft, business email compromise (BEC) attacks can take just a few hours, with the majority of the attacks being completed within a day. BEC attacks involve an attacker using social engineering techniques to impersonate an executive or employee to trick the target into transferring funds or sensitive information. The report analyzed data from more than 2 million email accounts across 3,000 domains that use Microsoft’s Office 365 and found that these attacks are becoming increasingly sophisticated and are targeting a wide range of industries. The study also revealed that attackers are using compromised email accounts to launch further attacks, making it difficult to detect and prevent BEC attacks.
To prevent BEC attacks, Microsoft recommends implementing security measures such as two-factor authentication, using machine learning to identify suspicious activity, and educating employees about the risks and warning signs of BEC attacks. The report also emphasizes the importance of swift action when an attack is detected, as time is a critical factor in preventing further damage.