The U.S. Attorney's Office for the Eastern District of Virginia last week indicted three men - including an ex-employee of Bank of America and TD Bank - with money laundering and aggravated identity theft after the men allegedly conducted an extensive business email compromise scheme.
Even the world’s most successful organizations have significant weaknesses in their cybersecurity defenses, which today’s determined hackers can exploit at will. There’s even a term for it: Assume Breach.
But assuming you’ll be hacked isn’t an option for you. Your organization can’t afford a loss of...
No matter how much security technology we purchase, we still face a fundamental security problem: people. This webinar will explore the different levers that social engineers and scam artists pull to make us more likely to do their bidding.
Join Javvad Malik, Security Awareness Advocate for KnowBe4, as he provides...
Business email compromise attacks, which balance low-tech tactics with the potential for big profits, remain popular. Attackers continue to refine their tactics, including subverting legitimate redirect services as well as recruiting English-speaking business partners and cryptocurrency tumbler operators.
A campaign that uses remote access Trojans and malware-as-a-service infrastructure for cyberespionage purposes has been targeting large international energy companies for at least a year, according to cybersecurity company Intezer.
The Microsoft 365 Defender research team says it has “disrupted a large-scale business email compromise infrastructure hosted in multiple web services.” It describes in a blog post how the BEC fraud scheme worked.
Interpol says Dutch and Nigerian suspects created a cloned version of a legitimate personal protective equipment provider's website to trick a German health authority seeking face masks. The case is a reminder that a "sophisticated" scheme need not require extreme technical sophistication to succeed.
This edition of the ISMG Security Report features an analysis of the Microsoft Exchange on-premises server hacks – from who might have leaked the vulnerability exploits to how ransomware gangs are taking advantage of the flaws. Also featured: Tackling the cybercrime business model; assessing "zero trust."
Internet-enabled crime has surged during the pandemic, with more than $4.2 billion in losses reported by victims to U.S. authorities in 2020. The most lucrative type of crime continues to be business email compromise scams, which last year accounted for at least $1.8 billion in losses, the FBI reports.
There is a reason more than half of today’s ransomware victims end up paying the ransom. Cyber-criminals have become thoughtful; taking time to maximize your organisation’s potential damage and their payoff. After achieving root access, the bad guys explore your network reading email, finding data troves and once...
A Nigerian national has been sentenced to 10 years in prison after pleading guilty to taking part in a business email compromise operation that extorted $11 million from its victims, according to the U.S. Department of Justice.
The decline in the total number of U.S. data breaches in 2020 isn't all good news; it reflects that hackers are changing their tactics, says James Lee of the Identity Theft Resource Center, who offers an analysis of the center's new data breach report.