Yahoo Finance

Cybersecurity is at an all-time high — and “bad actors” are getting more creative when it comes to how they prey on internet users, experts warn.

Increasingly sophisticated cyber threats are being carried out on companies and individuals alike, and nobody is safe.

Some cybersecurity breaches involve vast amounts of private data, like the 2017 Equifax data breach or the more 540 million Facebook (FB) users records that were found on an exposed server. Or they could involve compromising a social media profile — as Twitter CEO Jack Dorsey found out last week.

One thing is for sure: Cyber scams and the hackers who create them have evolved from the primitive techniques they used to use.

Cyber criminals have “become, sort of, super criminals,” Patrick Peterson, CEO of cybersecurity firm Agari, told Yahoo Finance recently.

Founded in 2009, Agari’s platform provides mail threat detection and prevention service using AI cyber technology to protect individuals and organizations.The company claims more than 400 big-name clients, including Apple (AAPL), Google (GOOGL) and Microsoft (MSFT), and government agencies.

For both companies and citizens, the stakes are high and rising. Between 2013 and 2018, more than $13.5 billion alone has been lost lost to business email compromise (BEC) attacks, according to data compiled by cybersecurity company Agari, in part with FBI's Internet Complaint Center.

Unwitting employees click on a seemingly legitimate communication — and disaster ensues.

Cyber crooks are “actually infecting an email account and using that to reply to someone to ask for an invoice to be paid, or a supplier to be paid,” said Peterson.

Nearly two-thirds (65%) of all BEC attacks observed by Agari requested that the target purchase gift cards, and then send them to the attacker.

‘Scalability issue’

The company’s cyber intelligence division has been tracking and following a West African cyber-gang that has been attacking a mix of individuals and corporate email accounts. The group is looking to obtain the transfer of funds or sensitive information.

Dubbed by the cybersecurity company as “Silent Staring” the group has been primarily targeting American organizations.One of those is Caterpillar (CAT), which recently reported that it lost $11 million in a vendor impersonation attack.

Mark Ferguson, a former chief information security officer at Honeywell, told Yahoo Finance the U.S. has a “scalability issue.”

“When you’ve got a lot of big organizations in the United States, they’re going to attack the United States,” said Ferguson.

Meanwhile, Agari’s focus is to prevent business email compromise (BEC) attacks. “Once they get in that supply chain, they’re in a trusted echo-system boundary. So we’re evolving our technologies to be able to stop that,” said Peterson.

“It’s also a call for action to the industry to work together because enterprises can no longer just support and secure themselves, they’ve got to think about their partners and their partners-partners, if we’re going to be secure together,” he added.

“There’s so much information that people put out there now and it’s so easy to gather that information,” said Ferguson. With the surge in social media use, criminals are “gathering this information up and they’re able to build pretty powerful profiles on people, and then go and exploit that.”

Sarah Smith is a Segment Producer/Booker at Yahoo Finance. Follow her on Twitter @sarahasmith

Read more:

An author explains why you don't have to be young to make money

Away, Instagram's favorite suitcase brand, is now worth $1.4 billion

Follow Yahoo Finance on Twitter, Facebook, Instagram, Flipboard, LinkedIn, YouTube, and reddit.