Linchakin

CyberheistNews Vol 11 #35 [Heads Up] When the URL Domain Is Not Enough To Avoid That Phish

 September 07, 2021     No comments   

BEC and the Underworld's Resources

Researchers at Intel 471 have observed cybercriminals outsourcing talent for business email compromise (BEC) attacks. This tactic lowers the bar of entry for BEC attacks, which are extremely effective at raking in large amounts of money.

“In February, an actor on a popular Russian-language cybercrime forum announced he was searching for a team of native English speakers for the social engineering elements of BEC attacks after they had obtained access to custom Microsoft Office 365 domains,” the researchers write.

“Additionally, another actor on a different forum asked for the same thing in June, posting help wanted ads that essentially outsourced the social engineering work behind BEC, while the actor would take care of the related technical aspects.

The researchers note that this enables the criminals to overcome the language barrier, since typos and poor grammar often tip off users to the scam.

“Actors like those we witnessed are searching for native English speakers since North American and European markets are the primary targets of such scams,” Intel 471 says. “The use of proper English is very important to these actors, as they want to ensure the messages they send to their victims — mainly high-level employees of an organization — do not raise any red flags.”

Criminals are also outsourcing the money laundering aspect, which further lowers the bar for these attacks.

“Another skill actors on the cybercrime underground are looking to outsource is laundering the money stolen via BEC schemes so it becomes untraceable and usable,” the researchers write. “Intel 471 observed a Russian language actor place an ad on a cybercrime forum, looking to launder sums as large as $250,000 through a cryptocurrency tumbler — a service that blends multiple transactions and disperses money to intended recipients in incomplete installments, which makes it significantly more difficult to trace.

The six-figure sum suggested the scams targeted large companies.” The researchers conclude that employee training is a valuable layer of defense against these attacks. “Awareness of the techniques threat actors employ and key indicators that an email or sender is fraudulent or inauthentic can help reduce the threat of BEC.”

New-school security awareness training can enable your employees to thwart social engineering attacks and make them that last line of defense.

Blog post with links:
https://blog.knowbe4.com/bec-and-the-underworlds-resources

Adblock test (Why?)


You may be interested in:
>> Is a Chromebook worth replacing a Windows laptop?
>> Find out in detail the outstanding features of Google Pixel 4a
>> Top 7 best earbuds you should not miss

Related Posts:
>> Recognizing 12 Basic Body Shapes To Choose Better Clothes
>>Ranking the 10 most used smart technology devices
>> Top 5+ Best E-readers: Compact & Convenient Pen
  • Share This:  
  •  Facebook
  •  Twitter
  •  Google+
  •  Stumble
  •  Digg
Email ThisBlogThis!Share to XShare to Facebook

Related Posts:

  • Kingston KC3000 PCIe 4.0 NVMe Flagship SSD Hits Retail Kingston had previewed their 2021 flagship PCIe 4.0 x 4 M.2 NVMe SSD (codename "Ghost Tree") at CES earlier this year. Not much was divulged other t… Read More
  • AnandTech Interviews Mike Clark, AMD’s Chief Architect of Zen AMD is calling this time of the year as its ‘5 years of Zen’ time, indicating that back in 2016, it was starting to give the press the first taste o… Read More
  • Apple's M1 Pro, M1 Max SoCs Investigated: New Performance and Efficiency Heights Last week, Apple had unveiled their new generation MacBook Pro laptop series, a new range of flagship devices that bring with them significant updat… Read More
  • MEET THE RECIPIENTS OF THE 2021 (ISC)² GOVERNMENT PROFESSIONAL AWARDThe (ISC)² Government Professional Award recognizes government cybersecurity leaders whose commitment to excellence has helped to improve government i… Read More
  • CISSP: The Time is NowDifferent personality types, different approaches to life, and different styles of learning; these qualities are what make us all unique, helping us t… Read More
Newer Post Older Post Home

0 Comments:

Post a Comment


Copyright © 2025 Linchakin | Powered by Blogger
Design by Hardeep Asrani | Blogger Theme by NewBloggerThemes.com | Distributed By Gooyaabi Templates