The multiplying impact of BEC attacks

2023-06-12 13:13

The FBI has recently published a new public services announcement, warning again about the continuous evolution and danger of BEC attacks.

Attack chain from AiTM phishing attack to BEC. This particular attack started with a phishing email from one of the target organizations' trusted vendors, instructing the target to view or download a fax document.

"The attacker then monitored the victim user's mailbox for undelivered and out of office emails and deleted them from the Archive folder. The attacker read the emails from the recipients who raised questions regarding the authenticity of the phishing email and responded, possibly to falsely confirm that the email is legitimate. The emails and responses were then deleted from the mailbox," Microsoft added.

More often than not, BEC attackers are after the target companies' money or sensitive information, but the FBI has recently warned that they are also occasionally after physical goods.

In these latest attacks outlined by Microsoft, it's clear how the attackers are exploiting the trust relationship companies have established with partner/customer organizations, thus increasing the attack's effectiveness, while potentially destroying business connections, reputation and trust.

BEC cybercriminals are also not limiting their attacks to emails.

News URL

https://www.helpnetsecurity.com/2023/06/12/bec-scammers-social-engineering/

#attack