BEC is an acronym for "business email compromise." BEC refers to social engineering attacks used to convince those in charge of finances at an organization to send large payments to the scammers. These attacks are carried out over email conversations initiated by the scammer who spoofs the identity of an executive at the organization.
These have become more prevalent since PhishLabs first blogged about them in May 2014, and there appear to be a greater number of copycat attacks. More importantly, tactics have evolved as scammers experiment and benchmark their successes, resulting in better targeting, more convincing scams, and greater losses. PhishLabs' recent research has produced findings that can help us all fight back.
Then and now
In our original blog post, we described the general flow of the attacker's playbook and gave some specific indicators for what was one of the most successful BEC campaigns ever. The following chart compares key tactics between those first attacks and two current campaigns:
There are a few differences between the two current campaigns, but they are more similar to each other than either is to the past attacks. Someone looking only for emails from impersonated domains with PDFs containing overseas bank account details (key indicators of the past attacks) might miss these new attacks and be more likely to fall for them, so it's important to look at the indicators for these new campaigns.
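As an added example (not code from the PhishLabs post or its report), here is a small Python checker that flags the indicators the text names: an executive's display name on an address that is not theirs, a sender domain that is a lookalike of the organization's own domain, a Reply-To pointing somewhere else, and a PDF attachment. The organization domain, the executive list and the sample message are constructed assumptions.

```python
import email
from email import policy
from email.utils import parseaddr

ORG_DOMAIN = "example-corp.com"                          # assumed org domain
EXECUTIVES = {"jane doe": "jane.doe@example-corp.com"}   # assumed exec list

# Constructed sample: executive display name, lookalike sender domain
# (digit 1 for letter l), Reply-To on an unrelated webmail domain.
SAMPLE = """From: Jane Doe <jane.doe@examp1e-corp.com>
Reply-To: Jane Doe <jane.doe.ceo@webmail.example>
To: controller@example-corp.com
Subject: Urgent wire
Content-Type: text/plain

Please process the attached invoice today.
"""


def edit_distance(a, b):
    """Levenshtein distance, used to spot one- or two-character domain lookalikes."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def bec_indicators(raw):
    """Return the list of BEC indicators present in one raw RFC 822 message."""
    msg = email.message_from_string(raw, policy=policy.default)
    name, addr = parseaddr(str(msg["From"]))
    domain = addr.rsplit("@", 1)[-1].lower()
    findings = []
    # Executive impersonation: known display name, but not the real mailbox.
    if name.lower() in EXECUTIVES and addr.lower() != EXECUTIVES[name.lower()]:
        findings.append("executive-display-name-mismatch")
    # Impersonated domain: close to ours but not ours.
    if domain != ORG_DOMAIN and 0 < edit_distance(domain, ORG_DOMAIN) <= 2:
        findings.append("lookalike-domain")
    # Replies diverted to a mailbox outside the sending domain.
    reply = parseaddr(str(msg.get("Reply-To", "")))[1]
    if reply and reply.rsplit("@", 1)[-1].lower() != domain:
        findings.append("reply-to-elsewhere")
    # PDF attachment, the carrier for bank details in the earlier campaigns.
    if any(p.get_content_type() == "application/pdf" for p in msg.walk()):
        findings.append("pdf-attachment")
    return findings
```

Run the checker over mail-gateway quarantine or journal copies; a single indicator is a review cue, while several together on a payment request warrant a phone call to the named executive.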
Download the full intelligence report for details on the recently observed attacks, specific characteristics of those attacks, and best practices to help mitigate and eradicate the threat.
Also, if you would like to join us for a live webinar about the developments in BEC attacks, you can register here: http://info.phishlabs.com/scammers_up_their_game_with_new_bec_attacks
About the Author:
Don Jackson is an established subject matter expert (SME) on cyber security and intelligence with extensive experience researching and protecting financial institutions against advanced cybercrime malware. As the discoverer of the Gozi Trojan and one of the foremost authorities on modern crimeware such as ZeuS and Citadel, Don has been featured for his expertise in major media outlets including CNBC, USA Today, 60 Minutes, The Register and The Guardian. His specialties include threat research, intelligence analysis, investigations, digital forensics, reverse engineering, and malware analysis.