1. Forum
  2. tqwNet
  3. TQW_GENTECH

  • Business email attacks are going increasingly mobile

    From TechnologyDaily@1337:1/100 to All on Fri Dec 9 15:45:03 2022
    Business email attacks are going increasingly mobile

    Date:
    Fri, 09 Dec 2022 15:23:26 +0000

    Description:
    Criminals are seeing many benefits to using SMS messages for BEC attacks, researchers claim.

    FULL STORY ======================================================================

    Business Email Compromise (BEC) attacks - in which threat actors assume the identities of business executives over email and try to trick employees into sending a wire transfer or something similar - are going mobile, security experts have warned.

    A report from Trustwave found the number of BEC attacks that leverage the Short Message Service (SMS) instead of email has been steadily increasing.

    The process is almost identical - the attacker would reach out to the victim, introduce themselves as one of the companys executives, and share a copy of
    an aging report. In the same message, theyd ask the victim to initiate a wire transfer, change a payroll account, or have them transfer company funds in some other way. More potent than email

    There are many benefits to using SMS for BEC attacks instead of emails, the researchers say. The obvious one is that there are fewer elements that can make the target suspicious. While every email carries the senders address, which can be the first way to check for potential fraud, an SMS message only has the phone number and in many cases, employees dont have their bosses numbers and might not double-check them.

    Furthermore, the attackers can decline a potential phone call, saying theyre in a meeting or otherwise unable to answer the call. Finally, SMS communication is a lot faster than email, allowing threat actors to get the job done a lot quicker, with Trustwave also highlighting a Federal Communications Commission (FCC) report stating unsolicited text messages tripled in 2022, compared to 2019. Read more

    Here's our rundown of the best firewalls around


    The many moving parts of business email compromise


    Your boss isn't really emailing you - it's a scam

    Initiating wire transfers is also something that might raise suspicions,
    which is why fraudsters usually ask the victims to purchase a gift card, instead. They would promise the victims that their purchase would be reimbursed. Most of the time, the crooks would ask their targets to purchase gift cards from Target, Google Play, Apple, eBay, or Walmart.

    To protect against SMS-based BEC attacks, businesses should educate their workforce on security awareness, and have them always verify peoples identities when communicating via text messages, Trustwave said.

    Furthermore, they should raise awareness among their employees that private data can be scraped from social media accounts and used in attacks, and finally - they should insist on multi-factor authentication (MFA) wherever possible, to make it harder for threat actors to gain access to valuable systems. These are the best endpoint protection software around



    ======================================================================
    Link to news story: https://www.techradar.com/news/business-email-attacks-are-going-increasingly-m obile


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)