Microsoft has announced the takedown of 17 domains that an unnamed threat group operating out of West Africa used to host fake Microsoft websites when conducting business email compromise attacks.
A campaign that uses remote access Trojans and malware-as-a-service infrastructure for cyberespionage purposes has been targeting large international energy companies for at least a year, according to cybersecurity company Intezer.
The Microsoft 365 Defender research team says it has “disrupted a large-scale business email compromise infrastructure hosted in multiple web services.” It describes in a blog post how the BEC fraud scheme worked.
Interpol says Dutch and Nigerian suspects created a cloned version of a legitimate personal protective equipment provider's website to trick a German health authority seeking face masks. The case is a reminder that a "sophisticated" scheme need not require extreme technical sophistication to succeed.
A recent phishing scheme used fake Microsoft Office 365 update messages to target financial executives and others in an effort to harvest their credentials, according to the security firm Area 1.
This edition of the ISMG Security Report features an analysis of the Microsoft Exchange on-premises server hacks – from who might have leaked the vulnerability exploits to how ransomware gangs are taking advantage of the flaws. Also featured: Tackling the cybercrime business model; assessing "zero trust."
Internet-enabled crime has surged during the pandemic, with more than $4.2 billion in losses reported by victims to U.S. authorities in 2020. The most lucrative type of crime continues to be business email compromise scams, which last year accounted for at least $1.8 billion in losses, the FBI reports.
There is a reason more than half of today’s ransomware victims end up paying the ransom. Cyber-criminals have become thoughtful; taking time to maximize your organisation’s potential damage and their payoff. After achieving root access, the bad guys explore your network reading email, finding data troves and once...
A Nigerian national has been sentenced to 10 years in prison after pleading guilty to taking part in a business email compromise operation that extorted $11 million from its victims, according to the U.S. Department of Justice.
The decline in the total number of U.S. data breaches in 2020 isn't all good news; it reflects that hackers are changing their tactics, says James Lee of the Identity Theft Resource Center, who offers an analysis of the center's new data breach report.
Fraudsters are using Google forms to target retail, telecom, healthcare, energy and manufacturing companies in an apparent reconnaissance campaign to identify targets for a possible follow-up business email compromise attack.
Researchers at the security firm Proofpoint are tracking several fraud schemes leveraging COVID-19 vaccine-themed emails. The schemes include business email compromise scams, messages with malicious attachments and phishing emails designed to harvest credentials.
Fraudsters are increasingly exploiting the auto-forwarding feature in compromised email accounts to help conduct business email compromise scams, the FBI warns.
Interpol, Nigerian law enforcement agencies and security firm Group-IB have collectively uncovered a massive Nigerian business email compromise gang that was active across more than 150 countries. Three suspected members have been arrested in Nigeria.
COVID-19 accelerated everything else digital; why not fraud, too? In this latest CEO/CISO panel, cybersecurity leaders talk frankly about the pace and scale of new fraud schemes from business email compromise to card not present to insider risk.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing fraudtoday.io, you agree to our use of cookies.
