
Fraudsters Steal $15 Million From American Businesses Through a Coordinated BEC Scam


Hackers stole about $15 million between April and September 2020 by targeting over 150 organizations through a business email compromise (BEC) scam, according to Israeli cybersecurity firm Mitiga. The firm revealed that the cybercriminals impersonated senior executives using seemingly legitimate Microsoft Office 365 email addresses and convinced the victims to deposit money into accounts owned by the criminals.

The BEC scam relied on registering email domains that are easily confused with legitimate ones (homograph lookalikes). The attack targeted US firms in sectors including construction, retail, finance, and law.

BEC scam techniques employed by attackers

Mitiga discovered the BEC campaign when an attacker impersonated a payment recipient after learning of a planned wire transfer. The attacker obtained the information by compromising an employee’s Microsoft Office 365 email account. The fraudster then supplied new payment instructions that misled the company into depositing the money into the scammer’s account instead of the legitimate one.

Upon investigation, the cybersecurity firm found 15 Office 365 accounts that had been used to register the 150 domains involved in the BEC scams. All the domains were registered through GoDaddy’s Wild West Domains and used a homograph technique to trick the victims. This method exploits closely related domain names that are hard to tell apart at a glance, for example, paypal.com versus paypaI.com (capital I in place of lowercase l) or PayPall.com.
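A defender-side check for the lookalike domains described above, added here as an example and not part of the article or of Mitiga's tooling: it normalizes visually confusable characters, then compares a sender's domain against a trusted list by skeleton equality and edit distance. The confusable table, the trusted domains and the two-label domain assumption are constructed for the example; Unicode NFKD strips accents but does not fold Cyrillic or Greek lookalikes, which would need a fuller confusables table.

```python
import unicodedata

# Character sequences that read as another one in common fonts (constructed list, not exhaustive).
CONFUSABLES = {"rn": "m", "vv": "w", "I": "l", "1": "l", "|": "l", "0": "o", "5": "s"}
MAX_EDITS = 2  # tuning choice: edit distance at or below which a domain counts as a lookalike


def skeleton(domain: str) -> str:
    """Reduce a domain to what it looks like, so visually similar spellings compare equal."""
    text = unicodedata.normalize("NFKD", domain)  # split accented letters into base + mark
    text = "".join(ch for ch in text if not unicodedata.combining(ch))  # drop the marks
    for seq, repl in CONFUSABLES.items():  # before lowercasing: 'I' must become 'l', not 'i'
        text = text.replace(seq, repl)
    return text.lower()


def levenshtein(a: str, b: str) -> int:
    """Classic edit distance, used to catch one- or two-character variants like 'paypall'."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify_sender(address: str, trusted: set) -> str:
    """Return 'trusted', 'lookalike' or 'unrelated' for the domain part of an email address."""
    domain = address.rsplit("@", 1)[-1].strip().rstrip(".")
    # Assumption: trusted entries are plain two-label domains, so only the last two labels are compared.
    registrable = ".".join(domain.split(".")[-2:])
    if registrable.lower() in trusted:
        return "trusted"
    sk = skeleton(registrable)
    for good in trusted:
        good_sk = skeleton(good)
        if sk == good_sk or levenshtein(sk, good_sk) <= MAX_EDITS:
            return "lookalike"
    return "unrelated"


if __name__ == "__main__":
    # Constructed sample: the article's paypal examples plus a hypothetical company domain.
    trusted = {"paypal.com", "example-corp.com"}
    for addr in ("billing@paypal.com", "billing@paypaI.com", "billing@PayPall.com",
                 "cfo@exarnple-corp.com", "friend@unrelated.org"):
        print(f"{addr:28} -> {classify_sender(addr, trusted)}")
```

A mail gateway or SIEM rule would run this over the From/Reply-To domains of inbound mail and route 'lookalike' hits to review rather than to the recipient.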

Mitiga says the threat actors chose Microsoft Office 365 email addresses because of the service’s credibility. Sending from the same technology stack as the targets kept email security filters from flagging the messages as suspicious, allowing the BEC emails to sail through.

BEC attacks more prevalent and coordinated

Mitiga’s discovery was just the tip of the iceberg. The FBI revealed that between January 2014 and October 2019, organizations lost about $2.1 billion to similar attacks. Experts also found that the average BEC scam netted the fraudsters about $80,000 in Q2 2020, up from $54,000 in the first quarter of the year (Q1 2020).

The federal agency also said that attackers preferred “two popular cloud-based email services.” However, the FBI did not disclose which email services BEC fraudsters regularly exploit.

In a case investigated by the FBI…
