- "AI, 지속가능성 앞당길 기술로 인식되나 에너지 소비 우려 지속" 알리바바클라우드
- HPE, 2,500여 일자리 줄인다··· 유력한 원인은 '서버 매출 부진'
- 레이벤 메타가 AI 스마트 안경 시장 열었다··· 2024년 글로벌 시장 210% 성장
- They said I couldn't find a high-quality multitool for under $30 - but this one's a winner
- I compared the viral $50 earplugs with my $300 sleep earbuds - here are the results
BEC-as-a-Service Campaigns Drive Surge in Email Fraud
Security experts are warning of large-scale business email compromise, or “BEC-as-a-service,” campaigns after blocking thousands of attacks in the fourth quarter of 2021.
Kaspersky claimed to have detected 8000 BEC attacks globally in the period, with the vast majority (5037) coming in October.
It said that while some attempts are highly targeted, others are sent from free email accounts and designed to reach as many victims as possible, hoping to trick a small percentage.
In these campaigns, the message is usually vague, claiming that the sender has a request they’d like the recipient to handle.
If the latter replies, the fraudster will ask them to make an urgent fund transfer to pay off a contract or some other excuse. Sometimes they request that sensitive information be sent, Kaspersky claimed.
However, such attempts are usually easy to spot as they may contain spelling or grammatical errors and are not sent from corporate email accounts.
This is in contrast to more targeted efforts, where the threat actor often hijacks a corporate inbox via phishing, monitors the messages coming in and then steps in at a critical moment to send a spoof request for payment.
“Right now, we observe that BEC attacks become one of the most common social engineering techniques. The reason for that is pretty simple – scammers use such schemes because they work,” argued Roman Dedenok, security expert at Kaspersky.
“While fewer people tend to fall for simple mass-scale fake emails now, fraudsters started to carefully harvest data about their victims and then use it to build trust. Some of these attacks are possible because cyber-criminals can easily find names and job positions of employees as well as lists of contacts in open access. That is why we encourage users to be careful at work.”
BEC is the highest-grossing cybercrime type, making fraudsters nearly $1.9bn in 2020, according to the FBI. The Feds recently warned that threat actors increasingly use virtual meeting platforms to carry out attacks.
In one tactic, they fake a CEO request to join a virtual meeting, where they will insert a still image of the CEO and use a deepfake audio to spoof their voice, claiming the video is not working properly. They’ll then instruct the participant to make a fund transfer.
