
Business Email Compromise - The New Threat Landscape Explained

Source: Cisco Talos Intelligence
Tags: business email compromise, social engineering, fraud prevention, nonprofit, AI

Basically, small organizations are now being targeted by email scams that trick people into sending money.

Quick Summary

A recent fraud attempt shows how business email compromise is evolving. Small organizations are now prime targets for these scams. Awareness is key to staying safe.

What Happened

Last weekend, a typical volunteer-run nonprofit faced a fraud attempt that showcases the changing threat landscape. The chair of the organization emailed the treasurer, requesting a bank transfer. The email seemed legitimate, with correct names and a plausible amount. However, the treasurer noticed something was off and decided to verify the request by phone.

Who's Affected

This incident illustrates how business email compromise (BEC) scams are no longer limited to large corporations. Small organizations, community associations, and charities are now at risk. These groups often lack the resources and awareness to recognize such threats, making them easier targets for attackers.

How the Scam Works

BEC scams typically involve an attacker impersonating a trusted individual, using social engineering to request funds. They often send emails from compromised accounts, making it difficult to detect the fraud. In this case, the attacker aimed to exploit the nonprofit’s trust and urgency to execute the scam.

The Changing Economics of BEC

Historically, BEC attacks targeted larger organizations where the potential payout justified the effort. However, the emergence of AI has changed the game. Attackers can now quickly gather information on numerous small organizations, tailoring their emails to appear authentic. This approach allows them to profit from scamming smaller amounts from many victims rather than targeting just a few large ones.

What You Should Do

To protect against BEC scams, organizations should:

  • Be suspicious of unexpected payment requests, especially those with urgency.
  • Verify requests through separate communication channels.
  • Implement strict procurement rules to prevent last-minute payments.
  • Educate staff about the signs of fraud and the importance of verification.

Awareness is the first step in combating these evolving threats. As BEC scams become more democratized, it’s vital for all organizations, regardless of size, to remain vigilant and proactive in their defenses.

🔒 Pro insight: The shift towards targeting smaller organizations with BEC scams indicates a significant change in attacker strategy, leveraging AI for efficiency.

Original article from Cisco Talos Intelligence, by Martin Lee.
