Tag: BEC Scams

Save the Children Foundation duped by hackers into paying out $1 million

Save the Children Foundation has revealed that the charity was targeted by fraudsters last year, leading to the loss of $1 million. The US arm of the non-profit said that con artists managed to compromise an employee’s email account in order to masquerade as the staff member in question.

Once access was gained to the account, the hackers behind the scam created a number of false invoices and related documents which described a need to purchase solar panels for health centers located in Pakistan. The Connecticut-based charity organization fell for the ruse, conducted in May 2017, and approved the transfer of close to $1 million.

Read more about how Save the Children Foundation was scammed on ZDNet.

Gift Card-Themed BEC Holiday Scams Spike

With cyber threats rampant between Black Friday and Christmas, security experts are warning of a wave of business-style email scams hitting inboxes designed to appeal to holiday shoppers.

Attacks involve scam messages purporting to be gift card deals or links to corporate donations. According to researchers at Proofpoint, the style, technique and nature of the email scams follow a pattern of what are known as business email compromise (BEC) scams. Instead of tricking targets with fake invoices, holiday-themed BEC emails entice victims to click on malware-laced gift-card offers or to donate to a fake charitable cause along with other corporate coworkers.

Read more about the new holiday-themed BEC scams on ThreatPost.

This phishing scam group built a list of 50,000 execs to target

A group of online scammers has generated a list of 50,000 executives, including CFOs and other finance chiefs, to use as targets for their schemes. The list was discovered by security company Agari after the scammers unwisely targeted the company with one of their scams, prompting the company to investigate further.

The group – which Agari is calling London Blue – seems to specialise in business email compromise (BEC) scams. While there are many variations, the basic aim is to trick someone within an organisation – usually working in finance – to send funds to a bank account controlled by the crooks, thinking that the transfer is a request from someone senior inside their own organisation.

Read more about the London Blue BEC group on ZDNet.

New BEC Scams Take Advantage of the California Wildfires

Whenever there is a tragedy, some lowlife will try to take advantage of it. Such is the case with a new round of BEC scams that try to leverage the California wildfires to defraud their victims.

In this campaign, the scammers pretend to be the CEO of a company who tells an employee that their clients have been affected by the California wildfires and that they need to send them assistance. This is when things get a bit weird, because instead of asking for money to be transferred, they request that the employee go out and buy Google Play gift cards, reveal the redemption codes, and then send them back to the attacker.

Read more about the new BEC scam on BleepingComputer.

Cinema Chain Sees Bad Movie Script Play Out As It Loses Millions In Email Scam

It was not a good week for the Pathé cinema chains. First, their UK branch’s Twitter account was hacked and used in a cryptocurrency scam and then it became known that their Dutch branch had lost more than 19 million euros (US$21.5m) through a business email compromise (BEC) scam.

The scam began in March with an email to the company’s CFO, allegedly from Pathé’s French parent firm, which told him to transfer more than 800,000 euros as part of a “strictly confidential” acquisition, Dutch business site Quote reports. Though the CFO and the CEO did discuss among themselves that the request was rather strange, they dutifully obliged.

Read more about this elaborate and successful BEC scam on Forbes.

Most impersonated brands in email attacks? Microsoft and Amazon

Nearly two-thirds of all advanced email attacks used emails impersonating Microsoft or Amazon, according to new research by Agari. Microsoft was impersonated in 36 percent of all (brand) display name impersonation attacks in the third quarter. Amazon was the second most commonly impersonated company, used in 27 percent of these attacks. Amazon and Microsoft run the largest public cloud computing platforms, which are widely used by companies undergoing digital transformation projects.

The pattern was different for high-value targets, such as C-suite executives—Microsoft was impersonated in 71 percent of these attacks. Dropbox is a distant second at seven percent, followed by UPS at six percent.

Read more about the findings of the Agari report on Help Net Security.

BEC-as-a-Service: Hacked accounts available from $150

Digital Shadows has announced the findings of new research revealing the diversity of methods used to infiltrate company emails. The FBI has estimated that scams resulting from business email compromise – such as fake invoices and wire fraud – have cost businesses $12bn globally over the last five years.

While phishing is a common means of attack, the research reveals criminals are resorting to a wide variety of methods to access business email accounts. But in many cases, companies are inadvertently making it easy for cybercriminals.

Read more about the findings of the new research on Help Net Security.

Beware: Hackers are trying to scam your company with this attack

Cybercriminals targeting companies often turn to Business Email Compromise (BEC) scams to steal funds, causing billions of dollars in fraud losses over the past few years, according to a new report from Barracuda. Criminals use BEC attacks to gain access to a business email account and pretend to be the account owner to defraud the company and its employees, customers, or partners, the report noted.

The report examined 3,000 BEC attacks from Barracuda’s Sentinel system. The most common BEC attack involved the hacker trying to trick a recipient into making a wire transfer to a bank account owned by the attacker (47%). Other types of attacks included trying to get a recipient to click a malicious link (40%), establishing rapport with the victim (12%), and stealing PII like W2 forms (1%).

Read more about the findings of the new Barracuda report on DarkReading.

6.4 billion fake emails sent every day

The Valimail Q2 2018 Email Fraud Landscape shows that fake email continues to be a serious problem, with an estimated 6.4 billion fake emails sent every day.

That total includes only exact-domain sender spoofing, in which senders put a fake email address in the From: field of their messages. This is one of the most difficult to detect and damaging types of fake emails. For example, the FBI recently reported that business email compromise (BEC) costs have reached $12 billion over the past several years.

Read more about the findings of the Valimail study underscoring the scope of the fake email problem, on Help Net Security.

BEC scams and real estate deals: How to protect yourself?

Despite constant warnings by law enforcement and industry organizations, BEC scammers continue to fleece companies. They target small, medium, and large business and personal transactions, but have, in the last few years, shown a notable predilection for targeting companies in the real estate sector.

Business E-mail Compromise (BEC)/E-mail Account Compromise (EAC) is a type of scam targeting both businesses and individuals performing wire transfer payments, and often starts with the attackers compromising legitimate business e-mail accounts.

Read more about BEC scams and learn how scammers often manage to target all parties in a real estate transaction on Help Net Security.