One Article Review
| Source |  ProofPoint |
|---|---|
| Identifiant | 8386761 |
| Date de publication | 2023-09-22 05:00:48 (vue: 2023-09-22 16:02:53) |
| Titre | 10 Exemples d'escroque 10 Real-World Business Email Compromise (BEC) Scam Examples |
| Texte | Business email compromise (BEC) is an email scam where malicious actors impersonate a trusted source using a spoofed, lookalike or compromised account. Fraudsters send targeted emails to employees, business partners or customers. The recipients, believing the emails are legitimate, then take actions that lead to scammers gaining access to sensitive data, funds or accounts. Notably, most BEC attacks result in fraudulent wire transfer or financial payment. The FBI\'s Internet Crime Complaint Center reports that businesses lost more than $2.7 billion to BEC scams in 2022. That\'s more than one-quarter of all the cyber crime-related financial losses for that year. Proofpoint research for the 2023 State of the Phish report showed that 75% percent of organizations experienced at least one BEC attack last year. BEC is often hard to detect because there is no malicious payload, such as URL or attachment. And yet, it\'s easy to understand why BEC scams are so successful. Just take a closer look at the various social engineering tactics used in the following 10 recent BEC attacks, which are a testament to fraudsters\' creativity, ingenuity and persistence. #1: Fraudster steals more than 1,000 unpublished manuscripts What happened: Filippo Bernardini, an employee at the U.K. operation of publishing company Simon & Schuster, impersonated book agents, editors, authors and others for years in a quest to obtain unpublished manuscripts. The book thief\'s aim: to read new works before anyone else. BEC strategy: Bernardini registered more than 160 fake internet domains to send emails from slightly altered, official-looking email addresses. A key factor in his success was his insider knowledge of the publishing world. #2: Real estate firm loses €38 million to international gang of fraudsters What happened: A real estate developer in Paris, Sefri-Cime, was targeted by an international email “CEO fraud” gang in December 2022. The group managed to steal €38 million through one BEC scam, which they then laundered through bank accounts in various countries, including China and Israel. BEC strategy: The firm\'s CFO received an email from someone claiming to be a lawyer at a well-known French accounting firm. Within days, the fraudster had gained the CFO\'s trust and began to make successful requests for large and urgent transfers of millions of euros. #3: Eagle Mountain City, Utah, sends $1.13 million to vendor impersonator What happened: This rapidly growing, master-planned community had so many new projects underway that busy city officials grew accustomed to receiving requests for large payments from various vendors-and thus, became less vigilant about looking out for potential scams. BEC strategy: In August 2022, Eagle Mountain was engaged in a construction project to widen a major road. During an email exchange between city officials and its construction vendor, BEC scammers inserted themselves into an email thread and impersonated the vendor. The cyber criminals persuaded a staff member to transfer an electronic payment to them instead. #4: Fraudsters steal $2.8 million from Grand Rapids Public Schools in Michigan What happened: A California couple defrauded a Midwestern school district and went on a spending spree with the stolen funds. It all started when they gained access to an email account of the school district\'s benefits manager. It all began to unravel after an insurance company inquired about the missing funds. BEC strategy: The fraudsters monitored correspondence between the district and its health insurance vendor about monthly insurance payments. They then sent an email to a district finance specialist asking them to change the wiring information for those payments. That person complied, which resulted in two large payments being sent to the bank account of a California nail salon that the couple owned. #5: CFO impersonator defrauds Children\'s Healthcare of Atlanta of $3.6 million What happened: This pediatric care provider\'s experience with B |
| Notes | ★★ |
| Envoyé | Oui |
| Condensat | #10: #1: #2: #3: #4: #5: #6: #7: #8: #9: $100 $11 $470 $793 €38 000 150 160 2014 2018 2021 2022 2023 400 about above access account accounting accounts accustomed acre actions activity actor actors address addresses after against agents aim: all almost also altered announced annually another anyone appear approach are aren arrest arrested arrived asking assessment atlanta attachment attachments attack attacks attacks august authenticate authors automate bad bank banking baptist based bec bec: became because been before began behind being believed believing belonging benefits bernardini best between billion blocks body book both brand break build builder business businesses busy but california came campaign campaigns campus can care carolina carry cases center cfo change children china church church cime citizen city city claiming clever closer collecting com combat commonwealth community companies company complaint complied compromise compromised conduct construction contacted contracting contractor contractors correspondence costly cottage countries countries couple created creativity crime criminal criminals customers cyber data days decade december defense defrauded defrauds designed details detect detection developer different directed discovery disperse district dollars domain domains download drain dunn duped during eagle easy editors education electronic elkin else email emails emerged employee employees enable enabled end engaged engineering established estate euros even every example examples exchange executive experience experienced exposure factor fake familiar fast fbi filippo finance financial firm firm first five focus following fraud fraudster fraudsters fraudsters fraudulent fraud” free french friday from fund funds gained gaining gang gauge general genslinger get global got grand grew ground group grove growing had half happened happened: happening hard has health healthcare help here hide highlighted hired his hospitals how however identical identities impersonate impersonated impersonator impersonator inbox included including incorrect individual individuals infiltrated information infrastructure ingenuity inquired inserted insider instead instructions insurance insurers integrated interact international internet interpol involving israel its jeff jump just kansas key kicking kjellstrom know knowledge known languages large last late later launch launched laundered lawyer lead learn learned least led lee legit legitimate less letter letterhead light likely list look lookalike looked looking loses losing losses lost lot major make malicious malware man managed manager manuscripts manuscripts many mass massive master medicaid medicare member members message message; michigan mid midwestern million millions million minnesota missing missouri monday money monitor monitored monthly months moore more most mountain moved multiple nail name nearly new news nigeria night north not notably obtain off official officials often once one only open operation opportunist organization organizations other others out outlined overview owned paris partners payload payment payments pediatric people percent perpetrators persistence person persuaded pervasive phishing phish report planned posing post potential preparedness president previous private programs programs project projects proofpoint proofpoint protect protection provider provides public publishing quarter quest quick rake rampant rapidly rapids read ready real received receiving recent recipients recouped registered reimbursement related remote report reports representative representatives request requesting requests research response result resulted richmond ringleader risks road round sadly salon sampling scale scam scammed scammer scammers scams scams schemes school schools schuster secretary sefri send sends senior sensitive sent series several sewer shell showed silverterrier simon since siphons slightly smart social solution someone sometimes sons soon sophisticated source specialist spending spent spoils spoofe |
| Tags | Malware Threat |
| Stories | |
| Move | 
|
L'article ne semble pas avoir été repris aprés sa publication.
L'article ne semble pas avoir été repris sur un précédent.