Bec on Daily DMARC News

Vendor Email Compromise Now Makes Up 61% of Business Email Fraud. DMARC Alone Won't Stop It.

Mon, 15 Jun 2026 08:00:00 +0000

Abnormal AI’s 2026 Attack Landscape Report, published in April, analyzed nearly 800,000 email attacks across more than 4,600 organizations during the second half of 2025. One finding in particular is worth pausing on: 61% of all business email compromise incidents in that dataset were vendor-related. The majority of BEC is no longer about impersonating a CEO. It is about impersonating a supplier.

That shift has direct consequences for how organizations think about email authentication – and about what DMARC can and cannot do.

Google's June 2026 Fraud Advisory: AI Voice Cloning Is Now the Primary BEC Weapon as DMARC Blocks Email Spoofing

Thu, 11 Jun 2026 08:00:00 +0000

When DMARC enforcement was weak, the easiest path into an organization’s finances ran through email. A spoofed message from “cfo@company.com” landed in the inbox, the employee wired the money, and the attack was complete. Google and Microsoft hardened those entry points. DMARC with p=reject closed the spoofing window. Now, according to Google’s June 2026 Fraud and Scams Advisory, attackers have found a new path – and it does not go through email at all.

Healthcare Has the Most to Lose from Email Spoofing. Only 11% of US Healthcare Domains Are Actually Protected.

Mon, 01 Jun 2026 08:00:00 +0000

A new report from Paubox makes the connection between weak email authentication and real-world healthcare breaches impossible to ignore: of 170 email-related breaches at healthcare organizations analyzed across all of 2025, 74% involved domains with DMARC set to monitoring-only mode or no DMARC record at all.

That is not a coincidence. It is a causal chain. And the broader sector data confirms it: the United States healthcare industry sits at just 11% DMARC enforcement in 2026, a figure that looks even more alarming alongside Q1 2026’s count of 120 ransomware attacks on hospitals, clinics, and other healthcare providers, plus 81 additional attacks on healthcare-adjacent businesses like billing processors and pharmaceutical manufacturers.

8.3 Billion Phishing Threats in Q1 2026: Why CAPTCHA-Gated Attacks and ClickFix Are Reshaping the Email Security Equation

Fri, 29 May 2026 09:00:00 +0000

Microsoft Threat Intelligence published its Q1 2026 Email Threat Landscape Report in late April, and the headline figure is difficult to absorb: 8.3 billion email-based phishing threats detected in the first three months of 2026. That is roughly 92 million per day, every day of the quarter. The raw volume matters less than what the report reveals about how those threats are being delivered and why the delivery methods are changing so rapidly.

Cloudflare Analyzed 450 Million Emails: 46% Failed DMARC — and That Is Not Even the Biggest Problem

Mon, 25 May 2026 08:00:00 +0000

Cloudflare published its 2026 Threat Intelligence Report in March, and the email security chapter deserves more attention than it received in the broader coverage of the report. The headline finding that nation-state actors and cybercriminals are shifting from breaking into systems to simply logging in with stolen credentials is real and well-documented. What got less coverage is how those credentials are being stolen in the first place — and what the authentication data behind 450 million analyzed emails reveals about the state of email security across the internet.

BEC Stole $2.77 Billion Last Year. DMARC Enforcement Would Have Closed the Door.

Sat, 23 May 2026 08:00:00 +0000

The FBI’s Internet Crime Complaint Center received 21,442 Business Email Compromise reports in 2024. The total losses across those incidents came to $2.77 billion. That works out to an average loss of approximately $129,000 per incident, and those are only the cases where victims filed a report. The actual figure is almost certainly higher.

Cumulative BEC losses tracked by the FBI over the past decade now exceed $55.5 billion. No other category of cybercrime generates financial losses on that scale at that level of consistency, year after year.