A new and particularly sneaky business email compromise (BEC) campaign has been spotted in which victims are forwarded an email chain, seemingly coming from their boss, instructing them to send on funds.
Cybersecurity researchers from Abnormal Security explained how the victim usually works in their organization’s finance department, or is otherwise capable of making wire transfers.
In the email, the attackers assume the identity of a company boss and forward an earlier email thread with a partner company, a client, or an organization in the supply chain, asking the victim to make a payment to that organization. The entire email thread, designed to give the campaign much-needed legitimacy, is itself part of the scam, and the company receiving the transfer belongs to the scammers.
What makes business email compromise attacks so devastating is the fact that these emails usually don’t carry viruses, malware, or malicious links, and as such usually bypass email and endpoint protection services with ease.
“Like all BEC attacks, the reason traditional email defenses have a difficult time detecting them is because they don’t contain any of the static indicators most defenses look out for, like malicious links or attachments,” Crane Hassold, director of threat intelligence at Abnormal Security, told ZDNET.
“Most BEC attacks are nothing more than pure, text-based social engineering that traditional email defenses are not well-equipped to detect.”
Abnormal Security analyzed the attacks and believes the campaign originated in Turkey, from a threat actor known as Cobalt Terrapin. The campaign started in July this year.
Although not as popular as ransomware, for example, business email compromise is equally devastating. In fact, last summer the FBI said BEC grew into a $43 billion industry.
According to a recent FBI report, identified global losses due to business email scams grew by almost two-thirds (65%) between July 2019 and December 2021.
The figures are based on incidents that have been reported to the Internet Crime Complaint Center (IC3), and mean that BEC attacks are now more lucrative than the likes of the global tuna industry, or the global used-clothes industry.
Via: ZDNet