centristic
  • Solutions
    • Governance, Risk and Compliance Services
    • Identity and Access Management Service
    • Data Protection & Privacy
    • Cyber & Information Security
    • Attack Simulation
    • Office 365 & Azure Security
  • Services
    • Attack Simulation
    • Cyber & Information Security
    • Data Protection & Privacy
    • Governance, Risk and Compliance Services
    • Identity and Access Management Service
    • Office 365 & Azure Security
  • Support
    • Contact Us
    • Customer Portal
  • Company
+1 (954) 488-2643
  • Solutions
    • Governance, Risk and Compliance Services
    • Identity and Access Management Service
    • Data Protection & Privacy
    • Cyber & Information Security
    • Attack Simulation
    • Office 365 & Azure Security
  • Services
    • Attack Simulation
    • Cyber & Information Security
    • Data Protection & Privacy
    • Governance, Risk and Compliance Services
    • Identity and Access Management Service
    • Office 365 & Azure Security
  • Support
    • Contact Us
    • Customer Portal
  • Company
centristic
  • Solutions
    • Governance, Risk and Compliance Services
    • Identity and Access Management Service
    • Data Protection & Privacy
    • Cyber & Information Security
    • Attack Simulation
    • Office 365 & Azure Security
  • Services
    • Attack Simulation
    • Cyber & Information Security
    • Data Protection & Privacy
    • Governance, Risk and Compliance Services
    • Identity and Access Management Service
    • Office 365 & Azure Security
  • Support
    • Contact Us
    • Customer Portal
  • Company
Blog
Home Email Scams BEC Scams are Back
Email ScamsNEWSPhishing

BEC Scams are Back

Roland Rodriguez Roland Rodriguez September 2, 2020 0 Comments

Business Email Compromise (BEC) is not a new term

Business Email Compromise scams have been growing in popularity for some time now. It is a term used when a fraudulent email is sent to a company or individual, and the email appears to be from a legitimate business resource or person, often varying from the legitimate email address by just a letter or two. There may be instructions within the scam email for the recipient to transfer money, purchase gift cards, click on a malicious link, or perform some other activity at the behest of the sender. Unfortunately, BEC scams often put the recipient at a disadvantage because they see the name or title of the sender and react quickly, or are hesitant to question authority.

So, what’s the secret sauce that cybercriminals use across the board when launching their attacks on unsuspecting victims? According to a recent report from Barracuda, it’s surprisingly simple and straightforward: legitimate email accounts.

Let’s elaborate on that. Barracuda found that hackers launched 100,000 BEC attacks on over 6,000 organizations by using 6,170 legitimate email accounts (which of course, were created with malicious intent). We’re talking Gmail, AOL, and other verified email services.

The report further outlines the details of the attacks, identifying that 45% of the BEC attacks since April of 2020 were carried out with these email accounts. It appears that Gmail is the platform of choice with 59% of the accounts originating there. This may be a result of the cost to create an account (it is free), the ease of registration of a new account, and the solid reputation that a company like Google carries – meaning it is much more likely to pass through security filters.

Change in Identity

While the email account will remain the same, the sender’s name does get updated from time to time by the cybercriminal in order to go unnoticed by the recipient. These accounts are not often used for more than a 24-hour period and then will go dormant for a while to lessen suspicion or if it has been flagged already, to reduce the likelihood of being detected by another server. That doesn’t mean it goes away forever. Like your MySpace account, it stays out there in cyberspace waiting to be revisited.

Phishing for…Anything

Again, BEC scams are not new and they are just a small ‘subdivision’ of the much bigger issue of phishing – the single most used point of entry to a company in order to breach the data contained within the business infrastructure. And with the cost being minimal (basically it is free to do) and return on investment being potentially huge, the risk far outweighs the benefits.

Ongoing training is one of the best ways to arm employees and clients with the right tools to make them sufficient at protecting themselves.

73
994 Views
Roland Rodriguez
AboutRoland Rodriguez
IT security analyst with Centristic since 2014.
In Socials:
Business Booming for Hackers and Cyber-Criminals: The Dark EconomyPrevBusiness Booming for Hackers and Cyber-Criminals: The Dark EconomyAugust 26, 2020
Fighting CyberCrime: A Community EffortSeptember 9, 2020Fighting CyberCrime: A Community EffortNext

Related Posts

Data BreachNEWSRansomwareSecurity

Business Booming for Hackers and Cyber-Criminals: The Dark Economy

It is very disheartening to think that one quick mistake can lead to hours and hours –...

Roland Rodriguez Roland Rodriguez August 26, 2020
Data BreachNEWSSecurity

Fighting CyberCrime: A Community Effort

The Department of Homeland Security’s (DHS) Cybersecurity and Infrastructure Security...

Roland Rodriguez Roland Rodriguez September 9, 2020

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Recent Posts
  • Microsoft Windows Support Diagnostic Tool (MSDT) Remote Code Execution Vulnerability
  • Cybersecurity Threat Advisory: BlackMatter Ransomware
  • CISA Launches Campaign to Reduce the Risk of Ransomware – Centristic Launches Campaign to Eliminate the Risk
  • 9 Cybersecurity Tips to Keep Your Device and Data Safe
  • Home Office Security – Never Too Late to Evaluate
Subscribe to our blog
We have lots of stuff for you to read.
Categories
  • Data Breach
  • tipsEmail Scams
  • HIPAA
  • newsNEWS
  • tipsPhishing
  • phishRansomware
  • Security
  • Tips and Tricks
  • Uncategorized
Most Viewed Posts
Search our Site

Centristic delivers the industry’s most complete IT security and secured solutions to small cap business. Whatever your IT security needs and goals, and wherever you’re starting,

Quick Links
  • Solutions
  • Services
  • Support
  • Company
  • Blog
Get In Touch

Adress:
5645 Coral Ridge Dr #230 Coral Springs, FL 33076-3124
Phone:
+1 (954) 488-2643
Business Hours:
Monday – Friday: 9am to 6pm
Saturday – Sunday: Closed

Copyright © 2020 Centristic. All Rights Reserved

Close