Business email compromise (BEC) scams are a burgeoning threat for organizations and, despite rising awareness, new victims are cropping up daily. BEC scammers don’t care what business the potential targets are in: all they care is that they have money that can be stolen – preferably lots of it – and that they have vulnerabilities they can exploit to pull off the heist. Four major BEC fraud techniques “The most common misconception about BEC scams … More
The number of phishing attacks continued to rise into the autumn of 2019, according to APWG. The total number of phishing sites detected in July through September 2019 was 266,387. This was up 46 percent from the 182,465 seen in the second quarter of 2019, and almost double the 138,328 seen in Q4 2018. “This is the worst period for phishing that the APWG has seen in three years, since the fourth quarter of 2016,” … More
Japanese media company Nikkei Inc. is the latest organization to be fleeced by BEC scammers, to the tune of $29 million. What happened? The company confirmed last week that, in late September, an employee of its US subsidiary,”had transferred approximately 29 million United States dollars (approximately 3.2 billion Japanese Yen) of Nikkei America funds based on fraudulent instructions by a malicious third party who purported to be a management executive of Nikkei.” Nikkei America quickly … More
Most cyber attacks start with a social engineering attempt and, most often that not, it takes the form of a phishing email. It’s easy to understand the popularity of this attack vector: phishing campaigns are relatively inexpensive (money- and time-wise), yet successful. Attackers don’t need to create/buy technical exploits that might or might not work – instead, they exploit what they can always count on: users’ emotions, fears, desires, and the fact that, despite knowing … More
The post Phishing attacks are a complex problem that requires layered solutions appeared first on Help Net Security.
850,000 domains worldwide now have DMARC records, a 5x increase since 2016, according to Valimail. However, less than 17% of global DMARC records are at enforcement — meaning fake emails that appear to come from those domains are still arriving in recipients’ inboxes. Among large companies, only one in five enterprise DMARC records is at enforcement, a significant factor in the wild success of business email compromise (BEC) attacks, which has produced more than $26 … More
The post BEC explodes as attackers exploit email’s identity crisis appeared first on Help Net Security.
More than 99 percent of cyberattacks rely on human interaction to work, Proofpoint recently shared. More often than not, the principal attack method is phishing emails. When hitting enterprises, attackers love to impersonate Microsoft the most, as Office 365 is increasingly the heart of companies, providing the essential services (email, chat, document management, project management, etc.) that businesses depend on to run. They also constantly refine their tools and techniques. “While one-to-one attacks and one-to-many … More
The post How can we thwart email-based social engineering attacks? appeared first on Help Net Security.
Phishing attacks continued to rise into the summer of 2019 with cybercrime gangs’ focus on branded webmail and SaaS providers remaining very keen, according to the APWG report. The report also documents how criminals are increasingly perpetrating business email compromise (BEC) attacks by using gift card cash-out schemes. The number of phishing attacks observed in the second quarter of 2019 eclipsed the number seen in the three quarters before. The total number of phishing sites … More
The post Phishing attacks up, especially against SaaS and webmail services appeared first on Help Net Security.