PHISHING SCHEMES NET HACKERS MILLIONS OF DOLLARS FROM FORTUNE 500

Stu Sjouwerman | Feb 21, 2018

IBM has uncovered sophisticated CEO Fraud campaigns—aka Business Email Compromise—which are successfully targeting Fortune 500 companies.

On Wednesday, researchers from IBM's X-Force Incident Response and Intelligence Services (IRIS) team said the Business Email Compromise (BEC) scheme is currently active and is successfully targeting Accounts Payable (AP) teams at Fortune 500 companies.

In a blog post, the researchers said that after discovering evidence of the threat in Fall 2017, their analysis of the campaign led them to Nigeria, where the threat actors appear to be operating.

The BEC uses social engineering attacks and phishing emails in order to obtain legitimate credentials for enterprise networks and email accounts.

In many cases, publicly available information is used to craft messages that appear legitimate and entice phishing victims to visit malicious domains.

It is not known how many criminals are involved in these schemes, but each appears to be using a phishing kit which creates spoofed DocuSign login pages on over 100 compromised websites to dupe users into handing over their credentials.

Story continued at ZDNet

From a high-risk user side like accounting, awareness and training are critical. From the mailroom to the boardroom, make sure employees know this is actually happening. He also advises taking a close look at gateway tools, what they're deploying, and how they can protect email.

"You need to understand the gateway is a critical line of defense and we need to be able to defend it," he adds.

 

Source (and more at): DARKReading
