The PhishLabs Blog

The Growing Business of Cybercrime as a Service

Posted by Lindsey Havens on Oct 14, '16

As part of our Cyber Security Awareness Month series, we have so far explored data breaches and Business Email Compromise (BEC). These topics and tactics roll up into a more global discussion about the growing economy of cybercrime. We reported in 2015 that, as competition continues to rise in the underground marketplace, illicit operations are evolving and expanding services to offer “Cybercrime-as-a-Service” (CaaS). Let's take this opportunity to look into this business model, which continues to strengthen and grow in scope as threat vectors evolve. 

Read More

Topics: Data Breach, Cybercrime-as-a-Service, BEC, Cyber Security Awareness Month

All Phish are Not Created Equal: The Evolving BEC Scam

Posted by Lindsey Havens on Oct 13, '16

To further our Cyber Security Awareness Month initiative in helping you be #CyberAware, we want to focus on a specific type of phishing tactic that has gained popularity in the last few years: Business Email Compromise, commonly referred to as "BEC."  As cybercriminals evolve their attack methodologies, they have learned from their mistakes and BEC is an unfortunate example of how they are circumventing technology defenses and exploiting organizations' greatest vulnerability: employees.  

Read More

Topics: BEC, business email compromise, Cyber Security Awareness Month

Olympic Vision Keylogger and BEC Scams

Posted by Eris Maelstrom on May 24, '16

During a recent analysis of a business email compromise (BEC) scam, we observed a lure attempting to install the Olympic Vision Keylogger. Further research determined that this keylogger and the accompanying Olympic Vision Crypter were used in a larger campaign, targeting multiple organizations using a variety of different lures, including invoice lures and shipment confirmation lures. This campaign appears to be originating out of South Africa, utilizing both maliciously registered free domains as well as compromised domains.

Read More

Topics: Malware, Threat Analysis, Threat Intelligence, BEC, business email compromise

New Phish Kit Techniques, E-Commerce Scam Potential, Financial Extortion Increase, and more | TWIC - November 6, 2015

Posted by Lindsey Havens on Nov 6, '15

Each week, the PhishLabs team posts The Week in Cybercrime (TWIC) to recap noteworthy cybercrime articles and reports (open source).

Read More

Topics: Phishing, PhishLabs, Exploit, Strategy, Phish Kit, The Week in Cybercrime, Data Breach, Botnet, Hacked, BEC, Breach

Scammers up Their Game with New BEC Attacks


BEC is an acronym for "business email compromise." BEC refers to social engineering attacks used to convince those in charge of finances at an organization to send large payments to the scammers. These attacks are carried out over email conversations initiated by the scammer who spoofs the identity of an executive at the organization. 

Read More

Topics: BEC

DDoS Bank Attacks, Ashley Madison BEC Targeting, Dark Web Vulnerability, and more | TWIC - August 28, 2015

Posted by Lindsey Havens on Aug 28, '15

Each week, the PhishLabs team posts The Week in Cybercrime (TWIC) to recap noteworthy cybercrime articles and reports (open source).

Read More

Topics: Phishing, PhishLabs, DDoS, Hacker Tools, The Week in Cybercrime, Account Takeover, Hacked, Spear Phishing, Spear Phishing Protection, BEC

FBI Fraud Alert, Adobe Emergency Patch, Theme Park Breach Investigation and more | TWIC - June 26, 2015

Posted by Lindsey Havens on Jun 26, '15

Each week, the PhishLabs team posts The Week in Cybercrime (TWIC) to recap noteworthy cybercrime articles and reports (open source).

Read More

Topics: Phishing, Adobe, The Week in Cybercrime, Hacked, BEC, Breach

   

What's this all about?

The PhishLabs Blog is where we share our insights and thoughts on cybercrime and online fraud.

Upcoming Events

Calendar_Mock_

Posts by Topic

see all