Since the beginning of the year, phishing attacks in the form of Business Email Compromise (BEC) have been increasing. Invitations are systematically seen to manage the user data. Fraudsters use controlled phishing kits for this, which can be obtained cheaply on the internet. Even though these attacks make up only a small proportion of the various attack vectors, the financial damage to companies and institutions is getting worse.
Private Sector Partners Should Pay Attention
The Federal Bureau of Investigation has warned private sector partners about Business Email Compromise (BEC) scams. According to the FBI in a private industry notification, the scams are initiated with phishing kits that target cloud-enabled email services in order to compromise business email accounts and to request or misdirect money transfers. The fraudsters mimic employees of the affected organizations or their affiliates and attempt to redirect payments to bank accounts they control. The messages do not contain malicious links or attachments; instead, the attackers attempt to deceive the email client so that the recipient views the email as legitimate. Social engineering plays the main role here. They also steal partner information that they can later use for other phishing attacks, putting more businesses at risk. These highly targeted BEC attacks are extremely difficult to detect because they rarely contain a URL or a malicious attachment.
– 85 percent of BEC attacks take place on weekdays and are normally sent during the regular business hours of the targeted company. The attackers use this timing to simulate typical business processes so that the messages appear as unsuspicious as possible.
– The average BEC attack targets no more than five employees.
– Many BEC exploits are disguised as urgent requests that supposedly require a quick response.
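
A triage heuristic built from the traits described above (no link or attachment, a payment request, urgency, a mimicked employee, few recipients), as an added example that is not part of the original article. `ORG_DOMAIN`, `EMPLOYEES`, the keyword lists, the scoring rule and both sample messages are constructed assumptions.

```python
import re
from email import message_from_string, policy
from email.utils import getaddresses, parseaddr

ORG_DOMAIN = "example.com"              # assumed: the organization's own mail domain
EMPLOYEES = {"dana reyes", "lee park"}  # assumed: display names of real staff
URGENT = re.compile(r"\b(urgent|immediately|asap|today|right away)\b", re.I)
PAYMENT = re.compile(r"\b(wire|transfer|invoice|payment|bank (account|details))\b", re.I)
URL = re.compile(r"https?://|www\.", re.I)

def bec_signals(raw: str) -> list[str]:
    """Return the BEC traits from the article that a raw RFC 5322 message shows."""
    msg = message_from_string(raw, policy=policy.default)
    part = msg.get_body(preferencelist=("plain", "html"))
    text = f"{msg['Subject'] or ''}\n{part.get_content() if part else ''}"
    name, addr = parseaddr(str(msg["From"] or ""))
    rcpts = getaddresses([str(h) for h in msg.get_all("To", []) + msg.get_all("Cc", [])])
    signals = []
    if not URL.search(text) and not any(msg.iter_attachments()):
        signals.append("no_link_or_attachment")
    if URGENT.search(text):
        signals.append("urgency")
    if PAYMENT.search(text):
        signals.append("payment_request")
    # A staff member's display name on an address outside the organization
    if name.lower() in EMPLOYEES and not addr.lower().endswith("@" + ORG_DOMAIN):
        signals.append("employee_name_external_address")
    if 1 <= len(rcpts) <= 5:
        signals.append("few_recipients")
    return signals

def is_suspect(raw: str) -> bool:
    # No single trait is suspicious on its own; flag only the combination.
    s = set(bec_signals(raw))
    return {"no_link_or_attachment", "payment_request"} <= s and (
        "urgency" in s or "employee_name_external_address" in s)

# Constructed sample messages, not taken from any real incident.
BEC_SAMPLE = """\
From: Dana Reyes <dana.reyes@mail-example.net>
To: ap@example.com
Subject: Urgent: updated bank details

Please wire the outstanding invoice to the new account today.
"""
BENIGN_SAMPLE = """\
From: Lee Park <lee.park@example.com>
To: all@example.com
Subject: Lunch menu

The menu is at https://intranet.example.com/menu
"""
```

A flagged message is a candidate for out-of-band verification of the payment request, not proof of fraud.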