What is Phish(ing)? No, not the band, unless you’re really into jam bands. We’re talking about the email attack variety. Well, for starters, it continues to be a huge problem for organizations everywhere. It’s still showing up to drop ransomware and Trojans, harvest credentials, and spy on organizations like yours. We’ve even written about it […]
Digital Shadows (now ReliaQuest)’ latest research report, Pst! Cybercriminals on the Outlook for Your Emails, highlights the different ways cybercriminals can access corporate email accounts to perform business email compromise (BEC) attacks. Our previous two blogs looked at how attackers can outsource this work to other online actors, or even try their luck with previously compromised […]
Last week, I wrote about how cybercriminals are looking to trade corporate emails in their pursuit of conducting Business Email Compromise scams (BEC). In particular, these individuals sought the credentials of CFOs, CEOs, and accounting and finance departments. However, as our latest report, Pst! Cybercriminals on the Outlook for Your Emails, shows, many of these credentials […]
In this week’s Shadow Talk, Rafael Amado joins Michael Marriott to discuss Digital Shadows (now ReliaQuest)’ latest research on Business Email Compromise, Pst! Cybercriminals on the Outlook for Your Emails. We discuss how criminals are outsourcing this work, and how the exposure of 33,000 finance department credentials is increasing the ease for attackers. However, even without […]
According to the FBI, Business Email Compromise (BEC) and Email Account Compromise (EAC) have caused $12 billion in losses since October 2013. Financially-sensitive information constantly flows through company emails, such as contract scans, purchase orders, and payroll information. All these make inboxes lucrative targets for attackers, who use social engineering and intrusion techniques to gain […]
In this week’s podcast, the Digital Shadows (now ReliaQuest) Research Team discuss attacks against banks using the SWIFT network, business email compromise (BEC) threats, the state of ransomware, as well as new activity by thedarkoverlord and APT-37. Two new thefts using SWIFT network confirmed Over the past week, an unidentified Russian bank and India’s […]
Business email compromise (BEC) is not going away. Since we initially wrote about BEC back in April 2016, we have continued to report on threat actors using tried and trusted BEC techniques to trick their victims. For example, in May 2015 two separate reports emerged of the theft of $495,000 USD from US Investment company […]
Business email compromises (BEC) are on the rise. When I was at Forrester Research, I typically didn’t go more than one month without consulting with organizations that had fallen prey to the attack. In an August 2015 alert, the FBI defined the BEC as “a sophisticated scam targeting businesses working with foreign suppliers and/or businesses […]
Call me phishmail. Whaling – also known as CEO fraud and business email compromise (BEC) – is a type of scam whereby attackers spoof company executives, either by the compromise of that executive’s email account or through the use of typo-squatting (domains registered that look similar to legitimate company domains) in order to socially engineer […]