One Article Review

The article:
Source knowbe4
Identifier 8324667
Publication date 2023-04-04 13:00:00 (seen: 2023-04-04 13:06:58)
Title CyberheistNews Vol 13 #14 [Eyes on the Prize] How Crafty Cons Attempted a 36 Million Vendor Email Heist
Text CyberheistNews Vol 13 #14 | April 4th, 2023

[Eyes on the Prize] How Crafty Cons Attempted a 36 Million Vendor Email Heist

The details in this thwarted VEC attack demonstrate how the use of just a few key details can both establish credibility and indicate the entire thing is a scam.

It's not every day you hear about a purely social engineering-based scam that is looking to run away with tens of millions of dollars. But, according to security researchers at Abnormal Security, cybercriminals are becoming brazen and are taking their shots at very large prizes.

This attack begins with a case of VEC, where a domain is impersonated. In this attack, the impersonated vendor's domain (which had a .com top-level domain) was replaced with a matching .cam domain (.cam domains are supposedly used for photography enthusiasts, but there's the now-obvious problem of .cam looking very much like .com at a cursory glance).

The email attaches a legitimate-looking payoff letter complete with loan details. According to Abnormal Security, nearly every aspect of the request looked legitimate. The telltale signs primarily revolved around the use of the lookalike domain, but there were also grammatical mistakes (which can easily be addressed by using an online grammar service or ChatGPT).

This attack was identified well before it caused any damage, but the social engineering tactics leveraged were nearly enough to make it successful. Security solutions will help stop most attacks, but for those that make it past scanners, your users need to play a role in spotting and stopping BEC, VEC and phishing attacks themselves. That is something taught through security awareness training combined with frequent simulated phishing and other social engineering tests.

Blog post with screenshots and links: https://blog.knowbe4.com/36-mil-vendor-email-compromise-attack

[Live Demo] Ridiculously Easy Security Awareness Training and Phishing

Old-school awareness training does not hack it anymore. Your email filters have an average 7-10% failure rate; you need a strong human firewall as your last line of defense. Join us TOMORROW, Wednesday, April 5, @ 2:00 PM (ET), for a live demo of how KnowBe4 i
Sent Yes
Tags Ransomware Malware Hack Threat
Stories ChatGPT ChatGPT APT 43
Rating ★★


The article does not appear to have been picked up after its publication.


The article does not appear to be a repost of an earlier one.