A group of online scammers has generated a list of 50,000 executives, including CFOs and other finance chiefs, to use as targets for their schemes. The list was discovered by security company Agari after the scammers unwisely targeted the company with one of their scams, prompting the company to investigate further.
The group – which Agari is calling London Blue – seems to specialise in business email compromise (BEC) scams. While there are many variations, the basic aim is to trick someone within an organisation – usually working in finance – into sending funds to a bank account controlled by the crooks, thinking that the transfer is a request from someone senior inside their own organisation.
Read more about the London Blue BEC group on ZDNet.
Whenever there is a tragedy, some lowlife will try to take advantage of it. Such is the case with a new round of BEC scams that try to leverage the California wildfires to defraud their victims.
In this campaign, the scammers pretend to be the CEO of a company who tells an employee that their clients have been affected by the California wildfires and that they need to send them assistance. This is when things get a bit weird, because instead of asking for money to be transferred, they request that the employee go out and buy Google Play gift cards, reveal the redemption codes, and then send them back to the attacker.
It was not a good week for the Pathé cinema chains. First, their UK branch’s Twitter account was hacked and used in a cryptocurrency scam, and then it became known that their Dutch branch had lost more than 19 million euros (US$21.5m) through a business email compromise (BEC) scam.
The scam began in March with an email to the company’s CFO, allegedly from Pathé’s French parent firm, which told him to transfer more than 800,000 euros as part of a “strictly confidential” acquisition, Dutch business site Quote reports. Though the CFO and the CEO did discuss among themselves that the request was rather strange, they dutifully obliged.
Read more about this elaborate and successful BEC scam on Forbes.
Nearly two-thirds of all advanced email attacks used emails impersonating Microsoft or Amazon, according to new research by Agari. Microsoft was impersonated in 36 percent of all (brand) display name impersonation attacks in the third quarter. Amazon was the second most commonly impersonated company, used in 27 percent of these attacks. Amazon and Microsoft run the largest public cloud computing platforms, which are widely used by companies undergoing digital transformation projects.
The pattern was different for high-value targets, such as C-suite executives—Microsoft was impersonated in 71 percent of these attacks. Dropbox is a distant second at seven percent, followed by UPS at six percent.
Digital Shadows has announced the findings of new research revealing the diversity of methods used to infiltrate company emails. The FBI has estimated that scams resulting from business email compromise – such as fake invoices and wire fraud – have cost businesses $12bn globally over the last five years.
While phishing is a common means of attack, the research reveals criminals are resorting to a wide variety of methods to access business email accounts. But in many cases, companies are inadvertently making it easy for cybercriminals.
Cybercriminals targeting companies often turn to Business Email Compromise (BEC) scams to steal funds, causing billions of dollars in fraud losses over the past few years, according to a new report from Barracuda. Criminals use BEC attacks to gain access to a business email account and pretend to be the account owner to defraud the company and its employees, customers, or partners, the report noted.
The report examined 3,000 BEC attacks from Barracuda’s Sentinel system. The most common BEC attack involved the hacker trying to trick a recipient into making a wire transfer to a bank account owned by the attacker (47%). Other types of attacks included trying to get a recipient to click a malicious link (40%), establishing rapport with the victim (12%), and stealing PII like W2 forms (1%).
Read more about the findings of the new Barracuda report on DarkReading.
The Valimail Q2 2018 Email Fraud Landscape shows that fake email continues to be a serious problem, with an estimated 6.4 billion fake emails sent every day.
That total includes only exact-domain sender spoofing, in which senders put a fake email address in the From: field of their messages. This is one of the most difficult to detect and damaging types of fake emails. For example, the FBI recently reported that business email compromise (BEC) costs have reached $12 billion over the past several years.
Read more about the findings of the Valimail study underscoring the scope of the fake email problem, on Help Net Security.
Despite constant warnings by law enforcement and industry organizations, BEC scammers continue to fleece companies. They target small, medium, and large business and personal transactions, but have, in the last few years, shown a notable predilection for targeting companies in the real estate sector.
Business E-mail Compromise (BEC)/E-mail Account Compromise (EAC) is a type of scam targeting both businesses and individuals performing wire transfer payments, and often starts with the attackers compromising legitimate business e-mail accounts.
Read more about BEC scams and learn how scammers often manage to target all parties in a real estate transaction on Help Net Security.
New FBI data shows that business email compromise (BEC) and email account compromise (EAC) scam losses worldwide spiked 136% from December 2016 to May 2018.
There were 78,617 BEC/EAC incidents reported between October 2013 and May 2018, resulting in $12 billion in losses. Of those incidents, 41,058 were in the US, resulting in $2.9 billion in losses. China and Hong Kong banks led the locations for receipt of fraudulent funds, while the UK, Mexico, and Turkey are emerging regions, the FBI report shows.
Read more about the findings of the new FBI report on DarkReading.