A large-scale business email compromise (BEC) campaign was detected by tech giants Microsoft that used using typo-squatted domains registered a few days before the attacks started for targeting more than 120 organizations.
Various tactics are used by BEC scammers to compromise business email accounts including social engineering, phishing, or hacking. The tactics are also used to redirect payments to bank accounts under their control or target employees in gift card scams.
Typo-squatted domains were used to send emails while impersonating higher officials employed at companies from different sectors that include real estate, discrete manufacturing, and professional services.
The research team employed by the tech giants, observed patterns in using the correct domain name but an incorrect TLD, or a change in the spelling of the organization name. Only days before the email campaigns started the domains were seen to be registered.
Despite the efforts put in by the scammers to match the spoofed domains to the right target, the registered domains did not always match the organizations that were being impersonated.
The attackers’ reconnaissance skills are apparent since they addressed the targeted employees’ using their first names even if their approach was flawed. To add legitimacy to the phishing emails standard phishing techniques like fake replies were used as well.
Filling in the headers gave the emails a look of legitimacy and made it look as if the attacker was simply replying to the existing email thread between the Yahoo and Outlook user.
This tactic sets this campaign apart from other BEC campaigns where a real or specially crafted fake email was by the attackers by adding the sender, recipient, and subject, in the new email body, making appear as though the new email was a reply to the previous email.
Although the method used by the attackers lacks sophistication and their phishing emails look malicious to some extent but according to various surveys since 2018, BEC attacks are behind record-breaking financial losses each year.
a Recovery Asset Team focused on recovering money that can still be tracked and on freezing accounts used by fraudsters for unauthorized BEC transfers was established by the Federal Bureau of Investigation (FBI) in 2018.
Organizations in the US private sector were warned by the FBI about BEC attacks increasingly targeting state, local, tribal, and territorial (SLTT) government entities in the month of March.
The IC3 or the FBI’s Internet Crime Complaint Center as it is called qualifies BEC is an increasing and constantly evolving threat as cyber-criminals become more sophisticated and adapt to current events.
From 2019 to 2020, there was a 5 percent increase in adjusted losses, with over $1.7 billion adjusted losses reported to IC3 in 2019 and over $1.8 billion adjusted losses reported in 2020.
To read more, please check eScan Blog
