Technology

In new phishing scam, attackers pretend to be your boss: Report

Cybersecurity researchers have discovered a new business email compromise (BEC) phishing scam where malicious actors send emails to corporate employees pretending to be their boss to get them to send funds. As reported ZDNET, this advanced BEC campaign forwards email threads to victims, tricking them into thinking that it is an ongoing thread from their boss. They then ask the victim to make a payment or deal with an invoice. This money would be sent to an account run the attacker. These attacks are often personalised and use email spoofing to make it appear legitimate.
“Like all BEC attacks, the reason traditional email defences have a difficult time detecting them is because they don’t contain any of the static indicators most defences look out for, like malicious links or attachments. Most BEC attacks are nothing more than pure, text-based social engineering that traditional email defences are not well-equipped to detect,” said Crane Hassold, director of threat intelligence at Abnormal Security, to ZDNET. Abnormal Security is the cybersecurity firm that discovered the phishing scam.

The attackers reportedly use an invoice request that makes it look like the money is being paid to a client or a partner business in an effort to make the victim follow the instructions without asking questions or alerting someone. According to Abnormal Security’s analysis, this campaign has been active since July 2022 and is potentially the work of a threat group called Cobalt Terrapin, which operates out of Turkey.
It is a little difficult for companies to defend themselves against such BEC campaigns because these attacks rely on social engineering instead of using malware that could be detected threat detection software.
One way for companies to defend themselves against such BEC attacks would be to educate their staff to identify scam emails. For example, such scam emails could involve unusually urgent requests aimed at not giving the victim enough time to think before acting. Staff should also be asked to verify such emails through other forms of communication if they find something suspicious.

Related Articles

Back to top button