
‘Dual-channel’ attacks are the new face of BEC in 2026


So-called ‘dual-channel’ attacks, which use multiple methods of communication either concurrently or in sequence, are becoming more prevalent as digital fraudsters seek out new ways to defeat cyber protections against business email compromise (BEC) scams, according to new data from security services supplier LevelBlue.

BEC attacks – which spoof trusted entities, often C-suite executives, then use their identities to persuade victims to transfer money into the attackers’ pockets – have long been a bugbear for enterprise defenders.

“[BEC] continues to be one of the costliest cyber assaults as reported by the FBI’s IC3, with over $2.7bn (£2bn) in adjusted losses in 2024 alone,” wrote LevelBlue researcher Katrina Udquin.

“BEC assaults are usually not slowing down, and fraudsters proceed to evolve their scamming methods and arsenal,” she stated.

According to LevelBlue, last year its systems saw a significant increase in BEC attacks in which the initial lure was a request for contact, seeking to establish the potential victim’s mobile number or personal email address. A total of 43% of lures that it observed took this form, compared to 31% which took the form of a more traditional request for a payroll transfer, and 10% which asked for invoice payments or wire transfers.

Such request-for-contact lures are very often a precursor to a dual-channel attack seeking to move the conversation to another platform.

LevelBlue’s systems tallied over 5,000 unique dual-channel attacks in 2025, and found that in 66% of them, the cyber fraudsters tried to move the conversation to traditional SMS messaging, in 32% of cases to messaging applications such as WhatsApp, and in 2% of cases to personal email addresses.

The rationale behind this tactic is a relatively simple one – external mobile networks, messaging applications and personal email addresses will in almost all cases fall well beyond the purview of any enterprise IT security department.

Done successfully, a dual-channel attack renders expensive email security services basically useless, meaning all security teams can do is hope that the social engineering modules of their cyber training courses were effective.
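Since the follow-up conversation happens outside the mail channel, the initial request-for-contact lure is the one message a mail filter can still inspect. The sketch below is an added example, not LevelBlue's or MailMarshal's logic: a keyword heuristic that flags external mail asking to move to SMS, a messaging app or personal email, where the corporate domain, executive name, patterns and sample messages are all constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumptions, not from the article: the corporate domain, the protected
# executive names and the keyword patterns are hypothetical tuning values.
CORP_DOMAIN = "example.com"
EXEC_NAMES = {"dana whitfield"}
CHANNELS = {
    "sms": re.compile(r"\b(cell|mobile|phone)\s*(number|no\.?|#)|\btext me\b", re.I),
    "messaging_app": re.compile(r"\b(whatsapp|telegram|signal)\b", re.I),
    "personal_email": re.compile(r"\b(personal|private)\s+e-?mail\b", re.I),
}
# A channel keyword only counts when the sender is asking for it.
ASK = re.compile(r"\b(send|share|give|reply with|what is|what's|need)\b", re.I)

def classify(raw: str) -> dict:
    """Flag external mail that asks the recipient to move to another channel."""
    msg = message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    # Join every text/plain part so multipart mail is covered too.
    body = " ".join(
        (part.get_payload(decode=True) or b"").decode("utf-8", "replace")
        for part in msg.walk() if part.get_content_type() == "text/plain"
    )
    external = not addr.lower().endswith("@" + CORP_DOMAIN)
    channels = []
    if ASK.search(body):
        channels = [c for c, rx in CHANNELS.items() if rx.search(body)]
    reasons = []
    if external and name.lower() in EXEC_NAMES:
        reasons.append("external sender using an executive display name")
    if channels:
        reasons.append("asks to continue on: " + ", ".join(channels))
    return {"flag": external and bool(channels), "channels": channels, "reasons": reasons}

# Constructed sample messages (not real traffic).
LURE = """From: Dana Whitfield <dana.whitfield.ceo@mail.example.net>
Subject: Quick task

Are you at your desk? Send me your mobile number, I will text you the details.
"""
BENIGN = """From: Dana Whitfield <dana.whitfield@example.com>
Subject: Offsite

The offsite agenda is attached. My mobile number is in the directory.
"""

if __name__ == "__main__":
    for sample in (LURE, BENIGN):
        print(classify(sample))
```

A hit is a reason to banner or quarantine the message for review rather than proof of fraud, since keyword matching of this kind will also catch legitimate requests.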

Related to this, LevelBlue said it also saw an increase in callback phishing, in which the criminals encourage their mark to reach out first by contacting a specified malicious phone number. This tactic more than doubled in popularity during 2025. Callback phishing is effective because it relies heavily on authority bias and a sense of urgency, exploiting people’s tendency to take messages or instructions from people in positions of authority seriously.

Emerging trends

According to LevelBlue’s data – gleaned largely from its proprietary MailMarshal defence service – 2025 saw a number of other notable trends developing in the BEC sphere.

Among these was the emergence of longer-form BEC emails. Whereas BEC spam has traditionally been quite concise, longer, well-crafted messages are now increasingly being seen, likely a result of cyber fraudsters trying to make their emails more elaborate and more authentic. Often, said LevelBlue’s researchers, longer emails appear to be generated with the ‘help’ of generative artificial intelligence (GenAI) large language models (LLMs).

The past 12 months also saw a spike in attacks using multiple personas and crafted email threads, where the victim appears to be copied in on an ongoing email chain. This tactic has been well-used for the past 4 or 5 years by nation-state threat actors targeting individuals of interest, such as academics, activists, diplomats, journalists or politicians, but is now spreading among financially-motivated groups, too.

In a criminal context, multiple-persona impersonation and email threads seem to be used predominantly in invoice payment fraud, with the spoofed identities often including the victim’s third-party suppliers.

Stopping BEC: Back to basics

Although cyber criminal tactics around BEC are clearly evolving, defenders can take solace from the fact that the best ways to protect against it are tried and tested.

Naturally, it remains an absolute imperative that staff across the organisation are trained on how to identify potential BEC spam email indicators.

Beyond this, security teams should make sure that they work with compliance and finance colleagues to ensure the organisation performs rigorous identity and verification checks when making external payments.

Finally, restricting access to organisational systems, data and documentation, and protecting these with multifactor authentication (MFA) as standard, can reduce the risk of data theft.