Ptechhub
  • News
  • Industries
    • Enterprise IT
    • AI & ML
    • Cybersecurity
    • Finance
    • Telco
  • Brand Hub
    • Lifesight
  • Blogs
No Result
View All Result
  • News
  • Industries
    • Enterprise IT
    • AI & ML
    • Cybersecurity
    • Finance
    • Telco
  • Brand Hub
    • Lifesight
  • Blogs
No Result
View All Result
PtechHub
No Result
View All Result

‘Dual-channel’ attacks are the new face of BEC in 2026 | Computer Weekly

By Computer Weekly by By Computer Weekly
January 13, 2026
Home Uncategorized
Share on FacebookShare on Twitter


So-called ‘dual-channel’ attacks using multiple methods of communication either simultaneously or in sequence are becoming more prevalent as digital fraudsters seek out new ways to defeat cyber protections against business email compromise (BEC) scams, according to new data from security services supplier LevelBlue.

BEC attacks – which spoof trusted entities, often c-suite executives, then use their identities to convince victims to transfer money into the attackers’ pockets – have long been a bugbear for enterprise defenders.

“[BEC] continues to be one of the costliest cyber attacks as reported by the FBI’s IC3, with over $2.7bn (£2bn) in adjusted losses in 2024 alone,” wrote LevelBlue researcher Katrina Udquin.

“BEC attacks are not slowing down, and fraudsters continue to evolve their scamming techniques and arsenal,” she said.

According to LevelBlue, last year its systems observed a significant increase in BEC attacks in which the initial lure was a request for contact, seeking to establish the potential victim’s mobile number or personal email address. A total of 43% of lures that it saw took this form, compared to 31% which took the form of a more traditional request for a payroll transfer, and 10% which asked for invoice payments or wire transfers.

Such request for contact lures are very often a precursor to a dual-channel attack seeking to move the conversation to an alternative platform.

LevelBlue’s systems tallied over 5,000 unique dual-channel attacks in 2025, and found that in 66% of them, the cyber fraudsters tried to move the conversation to traditional SMS messaging, in 32% of cases to messaging applications such as WhatsApp, and in 2% of cases to personal email addresses.

The rationale behind this tactic is a relatively simple one – external mobile networks, messaging applications and personal email addresses will in almost all circumstances fall well beyond the purview of any enterprise IT security department.

Done successfully, a dual-channel attack renders expensive email protection services basically useless, meaning all security teams can do is hope that the social engineering modules of their cyber training courses have been effective.

Related to this, LevelBlue said it also observed an increase in callback phishing, in which the criminals encourage their mark to reach out first by contacting a specified malicious phone number. This tactic more than doubled in popularity during 2025. Callback phishing is effective because it relies heavily on authority bias and a sense of urgency, exploiting people’s tendency to take messages or instructions from people in positions of authority seriously.

Emerging trends

According to LevelBlue’s data – gleaned largely from its proprietary MailMarshal defence service – 2025 saw a number of other notable trends developing in the BEC sphere.

Among these were the emergence of longer-form BEC emails. While BEC spam has traditionally been rather concise, more longer, well-crafted messages are now increasingly being seen, likely a result of cyber fraudsters trying to make their emails more elaborate and more authentic. Often, said LevelBlue’s researchers, longer emails appear to be being generated with the ‘help’ of generative artificial intelligence (GenAI) large language models (LLMs).

The past 12 months also saw a spike in attacks using multiple-personas and crafted email threads, where the victim appears to be copied in on an ongoing email chain. This tactic has been well-used for the past four or five years by nation-state threat actors targeting individuals of interest, such as academics, activists, diplomats, journalists or politicians, but is now spreading among financially-motivated groups, too.

In a criminal context multiple-persona impersonation and email threads seem to be being used predominantly in invoice payment fraud, with the spoofed identities often including the victim’s third-party suppliers.

Preventing BEC: Back to basics

Although cyber criminal tactics around BEC are clearly evolving, defenders can take solace from the fact that the best ways to protect against it are tried and tested.

Naturally, it remains an absolute imperative that staff across the organisation are educated on how to identify potential BEC spam email indicators.

Beyond this, security teams should ensure that they work with compliance and financial colleagues to ensure the organisation performs rigorous identification and verification checks when making external payments.

Finally, limiting access controls to organisational systems, records and documentations, and protecting these with multifactor authentication (MFA) as standard, can inhibit the risk of data theft.



Source link

By Computer Weekly

By Computer Weekly

Next Post
Stocks making the biggest moves premarket: L3Harris, JPMorgan, Delta, Intel, AMD and more

Stocks making the biggest moves premarket: L3Harris, JPMorgan, Delta, Intel, AMD and more

Recommended.

Markets no longer view the December rate cut as a sure bet, with Fed officials casting doubts

Markets no longer view the December rate cut as a sure bet, with Fed officials casting doubts

November 13, 2025
Barclays hit by major IT outage on HMRC deadline day | Computer Weekly

Barclays hit by major IT outage on HMRC deadline day | Computer Weekly

January 31, 2025

Trending.

AWS Vs. Google Cloud Vs. Microsoft Azure Q1 Earnings Face-Off

AWS Vs. Google Cloud Vs. Microsoft Azure Q1 Earnings Face-Off

May 1, 2026
Cloud Market Share Q1 2026: AWS, Microsoft, Google Battling In AI Era

Cloud Market Share Q1 2026: AWS, Microsoft, Google Battling In AI Era

May 4, 2026
Google’s 0 Million Partner Fund Targets AI Agent Era Channel Paradigm Shift

Google’s $750 Million Partner Fund Targets AI Agent Era Channel Paradigm Shift

April 24, 2026
AWS Solution Provider Caylent Unveils Dedicated Anthropic Claude Unit

AWS Solution Provider Caylent Unveils Dedicated Anthropic Claude Unit

April 30, 2026
Dell’s Infrastructure Blitz: Private Cloud, PowerStore Elite, PowerEdge In Spotlight At Dell Technologies World 2026

Dell’s Infrastructure Blitz: Private Cloud, PowerStore Elite, PowerEdge In Spotlight At Dell Technologies World 2026

May 19, 2026

PTechHub

A tech news platform delivering fresh perspectives, critical insights, and in-depth reporting — beyond the buzz. We cover innovation, policy, and digital culture with clarity, independence, and a sharp editorial edge.

Follow Us

Industries

  • AI & ML
  • Cybersecurity
  • Enterprise IT
  • Finance
  • Telco

Navigation

  • About
  • Advertise
  • Privacy & Policy
  • Contact

Subscribe to Our Newsletter

  • About
  • Advertise
  • Privacy & Policy
  • Contact

Copyright © 2025 | Powered By Porpholio

No Result
View All Result
  • News
  • Industries
    • Enterprise IT
    • AI & ML
    • Cybersecurity
    • Finance
    • Telco
  • Brand Hub
    • Lifesight
  • Blogs

Copyright © 2025 | Powered By Porpholio