Security News

Email security solutions have trouble detecting BEC scam emails because they are targeted toward specific recipients, generally don't include malicious attachments or links, and often begin with innocuous requests. Intended targets, on the other hand, often fail to spot that these emails have spoofed senders / use spoofed email addresses, or don't find the various email addresses / domains the scammers use suspect.

We've been warning about fake courier scams on Naked Security for many years, even before the coronavirus pandemic increased our collective reliance on home deliveries. The scammer then pretends to be the courier company handling the "Delivery", correctly identifying the item, its value and its made-up shipping code.

Call spoofing, which refers to the process of changing the caller ID to any number other than the actual calling number, is a tactic that has lately been on the rise. The growing sophistication of call spoofing tactics.

"The BEC footprint on underground forums is not as large as other types of cybercrime, likely since many of the operational elements of BEC use targeted social-engineering tactics and fraudulent domains, which do not typically require technical services or products that the underground offers," according to Intel 471. In February, Intel 471 came across a threat actor on a popular Russian-language cybercrime forum who was seeking a team of native English speakers for the social engineering elements of BEC attacks, after obtaining access to custom Microsoft Office 365 domains.

Image: George Kedenburg III. Peterborough, a small New Hampshire town, has lost $2.3 million after BEC scammers redirected several bank transfers using forged documents sent to the town's Finance Department staff in multiple email exchanges. BEC scammers use various tactics to compromise or impersonate their targets' business email accounts, allowing them to redirect pending or future payments to bank accounts they control.

The problem with copyright infringement notices is that if they're genuine, they can't just be ignored, because social media sites are obliged to try to resolve meaningful copyright complaints when they're received. They've copied a trick that tech support scammers have been using for years, and that some ransomware scammers have recently adopted, namely giving you a toll-free phone number to call for "Help".

Declan Harrington, a Massachusetts man charged two years ago for his alleged involvement in a series of SIM swapping attacks, pleaded guilty to stealing cryptocurrency from multiple victims and hijacking the Instagram account of others. Harrington was charged with Eric Meiggs in November 2019 for targeting the owners of high-value Instagram and Tumblr accounts.

Simply navigating a smartphone camera over the image allows the device's QR translator-built into most mobile phones-to "Read" the code and open a corresponding website. "The problem with QR codes stems from how easy they are to use," they wrote in a report published Tuesday about the growing number of QR code scams.

It's easy to see why Mitch got snookered: The real BriansClub site is currently not at the top of search results when one queries that shop name at Google. In late 2019, BriansClub changed its homepage to include doctored images of my Social Security and passport cards, credit report and mobile phone bill information.

LISTEN NOW. Click-and-drag on the soundwaves below to skip to any point in the podcast. WHERE TO FIND THE PODCAST ONLINE. You can listen to us on Soundcloud, Apple Podcasts, Google Podcasts, Spotify, Stitcher, Overcast and anywhere that good podcasts are found.