206 matches found
Understanding the Payload-Less Email Attacks Evading Your Security Team
The traditional image of a successful email attack is that of a naive employee clicking the link in a crudely crafted spam email bent on phishing. But times have changed, and employees are much more security-educated than they used to be. So, today’s threat actors are creating increasingly...
Fraudulent Unemployment, COVID-19 Relief Claims Earn BEC Gang Millions
An infamous business email compromise BEC gang has submitted hundreds of fraudulent claims with state-level U.S. unemployment websites and coronavirus relief funds. Researchers who tracked the fraudulent activity said cybercriminals may have made millions so far from the fraudulent activity. Behi...
BEC Gang Exploits G Suite, Long Domain Names in Cyberattacks
Business email compromise BEC attacks continue to be a thorn in companies’ sides, with the FBI in its IC3 annual cybercrime report saying that the attacks cost victims $1.7 billion in 2019. Making matters worse, BEC cybergangs are turning to new tactics and tricks to avoid detection and capitaliz...
Hackers Trick 3 British Private Equity Firms Into Sending Them $1.3 Million
In a recent highly targeted BEC attack, hackers managed to trick three British private equity firms into wire-transferring a total of $1.3 million to the bank accounts fraudsters have access to — while the victimized executives thought they closed an investment deal with some startups. According ...
PPE, COVID-19 Medical Supplies Targeted by BEC Scams
Much has been publicized about the shortage of personal protective equipment PPE and other supplies for healthcare facilities in the United States during the COVID-19 pandemic. Now, the FBI is warning that threat actors are taking advantage of efforts to procure PPE and critical equipment such as...
Using Zoom? Here’s how to keep your business and employees safe
Cyber-criminals are always looking for new opportunities to make money and steal data. Globally trending events are a tried-and-tested way of doing just this, and they don’t come much bigger than the current Covid-19 pandemic. It’s sparking a wave of phishing, BEC, extortion, ransomware and data...
Trend Micro Cloud App Security Blocked 12.7 Million High-Risk Email Threats in 2019 – in addition to those detected by cloud email services’ built-in security
On March 3, 2020, the cyber division of Federal Bureau of Investigation FBI issued a private industry notification calling out Business Email Compromise BEC scams through exploitation of cloud-based email services. Microsoft Office 365 and Google G Suite, the two largest cloud-based email service...
Cybergang Favors G Suite and Physical Checks For BEC Attacks
Researchers have uncovered a new business email compromise BEC threat actor, which they call Exaggerated Lion, targeting thousands of U.S. companies with money pilfering scams. The cybercrime ring is unique in its leveraging of Google’s cloud-based productivity suite, G Suite, and for its use of...
Business Email Compromise. What to do
The FBI has just released it’s annual Internet Crime Report for 2019, it makes for some really interesting and depressing reading. The mainstream media focused on the headline figure of $3.5Bn in losses in 2019, but what caught my eye is the Business Email Compromise BEC or CEO Fraud stats. I...
Puerto Rico Gov Hit By $2.6M Phishing Scam
A phishing scam has swindled a Puerto Rico government agency out of more than $2.6 million, according to reports. According to reports, the email-based phishing scam hit Puerto Rico’s Industrial Development Company, which is a government-owned corporation aimed at driving economic development to...
Community Housing Nonprofit Hit with $1.2M Loss in BEC Scam
A non-profit community housing collective has been swindled out of more than $1.2 million in a business email compromise BEC campaign. Red Kite Community Housing, a coop housing association in High Wycombe, U.K. outside of London announced in a recent website notice that £932,000 of the money pai...
This Week in Security News: December Patch Tuesday Updates and Retail Cyberattacks Set to Soar 20 Percent During 2019 Holiday Season
Welcome to our weekly roundup, where we share what you need to know about the cybersecurity news and events that happened over the past few days. This week, learn about the threat campaign Waterbear and how it uses API hooking to evade security product detection. Also, read about December Patch...
News Wrap: Authorities Target Evil Corp., Imminent Monitor, Money Mules
In this week’s Threatpost news wrap, editors Tara Seals and Lindsey O’Donnell break down the top infosec news, including: Authorities crack down on cybercrime group Evil Corp. with sanctions and charges against its leader, known for his lavish lifestyle. The developers behind a commodity...
Supply Chain Account Takeover: How Criminals Exploit Third-Party Access
Empower Your Suppliers Against Attack The average business shares data with a complex network of third parties, depending on their operational needs. In a survey of security and risk professionals, Forrester learned that the average business has 4,700 third-party partners with some access to...
ID Thieves Turn to Snail Mail as Juicy Target for Financial Crimes
As it gets harder for cybercriminals to bypass business email compromise BEC defenses, some hackers are switching from email scams to real-mail cons. Researchers at Flashpoint said they are monitoring hacker forums where criminals are swapping tips on a growing ID theft and financial crime area,...
Raccoon Stealer Malware Scurries Past Microsoft Messaging Gateways
Criminals behind malware dubbed Raccoon Stealer have adopted a simple and effective technique to circumvent Microsoft and Symantec anti-spam messaging gateways. The technique has been used in a recent campaign targeting financial institutions via business email compromise BEC attacks. According t...
Not us, YOU: vendor email compromise explained
Silent Starling, an online organized criminal group hailing from West Africa, seem to have reminded SMBs and enterprises alike the perils of business email compromise BEC scams once more. This time, they've advanced BEC into a more potent modality by widening the scope of its potential targets an...
BEC Scam Costs Media Giant Nikkei $29 Million
Media conglomerate Nikkei Inc. has fallen victim to a business email compromise BEC scam that fleeced the company out of $29 million. Nikkei is Japan’s largest financial media organization and lends its name to Japan’s premier stock index, which is the equivalent of the Dow Jones Industrial Avera...
This Week in Security News: How a Partnership can Advance DevSecOps and Cybersecurity Issues in the Midwest and South U.S.
Welcome to our weekly roundup, where we share what you need to know about the cybersecurity news and events that happened over the past few days. This week, learn about how Trend Micro’s partnership with Snyk will advance DevSecOps. Also, read about cyber attacks affecting hospitals in Alabama an...
Tackling the BEC Epidemic in a New Partnership with INTERPOL
In just a few short years, Business Email Compromise BEC has gone from a peripheral threat to a major cyber risk for organizations. It’s making criminal gangs millions of dollars each month, hitting corporate profits and reputation in the process. Trend Micro has built a formidable array of...