Making the headlines
- The attackers registered a domain similar to the legitimate one used by the targeted business and used it to send emails to their targets, impersonating real employees of the company.
- In a few initial samples, the email carried an attached PDF file that pretended to be a letter from the French tax service, asking the target company for information about its customers, employees, and other financial data.
Another major BEC scam
- The campaign uses social engineering techniques, in which the attackers impersonated senior executives using Microsoft Office 365 email services.
- The campaign targeting organizations from the law, construction, finance, and retail sectors, mostly from the U.S.
Other recent email compromise attacks
Within the past few months, several major BEC attacks have been observed.
- In mid-August, New York-based trading firm Virtu Financial said that it had lost $6.9 million in a business email compromise scam in May.
- A group of fraudsters named Water Nue was seen targeting business executives of over 1,000 companies across the world since March 2020.
The increasing use of BEC attacks indicates that this is turning out to be a profitable method for fraudsters. Therefore, experts recommend that organizations need to ensure that they have ample security measures to tackle BEC-related threats. Additionally, organizations are recommended to block unsolicited emails from suspected accounts and train their employees to detect targeted phishing attacks.