“The best way to stop these [BECs] is to switch on DMARC with the strongest policy (“p=reject”) as default.” – Phil Muncaster (Infosecurity-Magazine) Phil Muncaster shares this advice – which could help protect against a Business Email Compromise (BEC) scam – in his article on the uncovering of information that… Continue Reading DMARC: Defenses against Business Email Compromise Attacks
In an article last week, we highlighted the case of a Dutch firm that lost €19m ($21m) to a Business Email Compromise (BEC) scam, to make the case for strong security measures against BEC scams. Today, we came across the news of a (rather old) BEC incident… Continue Reading Preventing BEC Scams: Manual controls and multi-person authorization
I just came across this post by Alastair Paterson of Security Week highlighting that attackers are monetizing non-traditional methods to compromise business accounts (BEC and EAC). Alastair points to three alternative methods that are being successfully put to work: using email credentials purchased from criminal forums, re-trying the credentials of already… Continue Reading 7 Security Measures Against BEC You CANNOT Neglect
“Starting from early July, we have seen malicious spam activity that has targeted corporate mailboxes… The malware’s key objective is to steal passwords from browsers, messaging applications, mail and FTP clients, and cryptocurrency wallets.” Secure List, Loki Bot: On a hunt for corporate passwords Experts from Kaspersky Lab have come… Continue Reading Major Security Firms Detect a Surge in Phishing Attacks on Corporate Email Accounts
Of the 229 breaches added this year to the HHS “wall of shame”, the largest one is the attack on UnityPoint Health. The Iowan company fell victim to a business email compromise (BEC) attack that compromised its business email system. How big is the UnityPoint Health data breach? As per… Continue Reading Business Email Compromise – How it Works?