BEC attacks: Scammers’ latest tricks

2021-10-18 10:34

Email security solutions have trouble detecting BEC scam emails because they are targeted toward specific recipients, generally don't include malicious attachments or links, and often begin with innocuous requests.

Intended targets, on the other hand, often fail to spot that these emails have spoofed senders / use spoofed email addresses, or don't find the various email addresses / domains the scammers use suspect.

One of the tricks employed by BEC scammers is to register domain names with telecommunications industry-related keywords and names of service providers: sprint-mobile.net, 5g-tmobile.com, verizone4g-device.com, and so on.

Sometimes the scammers will use other trust-inducing keywords in email addresses, such as mail ceoofficial, chiefexecutiveoffice, officepresident and offshoreoffice.

Some may even be fooled by the scammers' use of free email services such as Gmail, Hotmail, and Outlook, since we're all used to receiving legitimate emails from those popular email services.

Stolen email credentials, to spam and reply to previous email conversations.

News URL

http://feedproxy.google.com/~r/HelpNetSecurity/~3/sz8nVpSenRM/

#attack #scammer