Flashpoint warns of under-the-radar phishing campaigns

Simple but hard-to-detect phishing campaigns are targeting all industry sectors as a key enabler of business email compromise attacks, security analysts warn.

Business email compromise (BEC) is an increasingly popular method for cyber criminals looking to trick employees into sending them money or confidential information.

Typically, attackers compromise the email accounts of top-level executives and then use email-based social engineering techniques to get accountants to carry out money transfers to criminal-held accounts.

The same technique, also known as CEO fraud or whaling, is used to trick employees into sending out confidential information, and in March 2017, a report revealed the use of fake or compromised email accounts to steal information increased by 39% in the last three months of 2016.

According to the FBI, thieves stole nearly $750m in such scams from more than 7,000 firms in the US between October 2013 and August 2015, security author Brian Krebs wrote in an August 2015 blog post.

Continue reading…