WIRED: "The Decade Big-Money Email Scams Took Over"



iStock-1050944536Excellent article in WIRED, where they observed that In the last few years, the "Nigerian prince" scams have gotten a major upgrade. Here is an extract and a link to the full article:

"For a long time cybercriminals believed that the money was within the masses," says Crane Hassold, senior director of threat research at the email security firm Agari and former digital behavior analyst for the Federal Bureau of Investigation. "But in fits and starts over the past decade and then especially beginning about five years ago you saw a pivot of the entire threat landscape—email scams, ransomware—making more money with targeting businesses than individuals. We’re certainly not at the peak of this wave right now. We are at a point of rapid evolution."

As spam filters improved and web users wised up, scammers found themselves hitting a plateau. So they did what any entrepreneur would: innovate and diversify.

Between June 2016 and July 2019 the FBI counted 166,349 BEC incidents in the US and abroad totaling more than $26 billion in losses. The Treasury Department’s Financial Crimes Enforcement Network estimates that BEC losses crossed $300 million per month with more than 1,100 incidents per month in 2018. And that just covers incidents that victims reported.

One catalyst of BEC growth is its reliance on the fundamentals of scamming, rather than requiring advanced hacking skills. Tricking someone into paying a fraudulent invoice over email isn't that different from charging people to play a rigged carnival game. Often, the most technical part of the scam for attackers involves using techniques like targeted spear phishing or credential stuffing to break into a company email account for legitimacy and to do recon on how to craft the most compelling scam.

Read the full article here


Request A Quote: Security Awareness Training

products-KB4SAT6-2-1New-school Security Awareness Training is critical to enabling you and your IT staff to connect with users and help them make the right security decisions all of the time. This isn't a one and done deal, continuous training and simulated phishing are both needed to mobilize users as your last line of defense. Request your quote for KnowBe4's security awareness training and simulated phishing platform and find out how affordable this is!

Get A Quote Now

PS: Don't like to click on redirected buttons? Cut & Paste this link in your browser:

https://www.knowbe4.com/kmsat-security-awareness-training-quote



Subscribe to Our Blog


Comprehensive Anti-Phishing Guide




Get the latest about social engineering

Subscribe to CyberheistNews