10 matches found
Detecting and mitigating a multi-stage AiTM phishing and BEC campaign
Microsoft Defender Experts uncovered a multi-stage adversary-in-the-middle AiTM phishing and business email compromise BEC attack against banking and financial services organizations. The attack originated from a compromised trusted vendor and transitioned into a series of AiTM attacks and...
Business Email Compromise Attack Tactics
Is BEC more damaging than ransomware? What tactics are BEC actors using? How can organizations bolster their defenses? Jon Clay, VP of threat intelligence, tackles these pertinent questions and more to help reduce cyber risk...
Behind the scenes of business email compromise: Using cross-domain threat data to disrupt a large BEC campaign
Microsoft 365 Defender researchers recently uncovered and disrupted a large-scale business email compromise BEC infrastructure hosted in multiple web services. Attackers used this cloud-based infrastructure to compromise mailboxes via phishing and add forwarding rules, enabling these attackers to...
Google Forms Set Baseline For Widespread BEC Attacks
A threat actor has been sending thousands of emails to organizations, in what researchers warn is a reconnaissance campaign to identify targets for a possible follow-up business-email-compromise BEC attack. So far, researchers have observed thousands of messages being sent to companies since...
Wisc. GOP's $2.3M MAGA Hat Debacle Showcases Fraud Concerns
The Wisconsin Republican party’s war chest is lighter by $2.3 million after scammers posing as MAGA-hat vendors were able to spoof invoices in what appears to be a basic business email compromise BEC attack. It’s just the latest in a litany of attacks related to the upcoming election, and it...
Hackers Trick 3 British Private Equity Firms Into Sending Them $1.3 Million
In a recent highly targeted BEC attack, hackers managed to trick three British private equity firms into wire-transferring a total of $1.3 million to the bank accounts fraudsters have access to — while the victimized executives thought they closed an investment deal with some startups. According ...
News Wrap: Cartoon Network Hack, the Catholic Church and Jason Statham Scams
A slew of strange security news stories made headlines this week, from scams to hacks. The Threatpost team breaks down the top stories that made everyone scratch their heads, including: –Cartoon Network streaming websites being hacked to play Brazilian stripper videos. – A Catholic church in...
BEC Hack Cons Catholic Church Out of $1.75 Million
A church in Brunswick, Ohio was scammed out of a whopping $1.75 million as a result of a business email compromise BEC attack. St. Ambrose Catholic Parish, which has around 16,000 members, has been working on a massive $4 million church renovation, dubbed “Vision 20/20” – but attackers figured ou...
How hackers have improved their BEC attack methods
Email is increasingly an integral part of global life, but business email compromise BEC attacks could place these communications at risk. Research by The Radicati Group found that 2.9 billion people worldwide will be using email portals by 2019. Each business user will send 126 messages daily by...
Business Email Compromise Campaign Harvesting Credentials in Numerous Industries
A business email compromise campaign emanating out of Western Africa is targeting companies in a wide swathe of industries, bucking a trend of these scams focusing on wire fraud and targeting CEOs. The criminals are using phishing emails with links redirecting victims to sites designed to harvest...