“The best way to stop these [BECs] is to switch on DMARC with the strongest policy (“p=reject”) as default.” – Phil Muncaster (Infosecurity-Magazine) Phil Muncaster shares this advice – which could help protect against a Business Email Compromise (BEC) scam – in his article on the uncovering of information that… Continue Reading DMARC: Defenses against Business Email Compromise Attacks
The 2nd quarter phishing activity trends report published by the anti-phishing working group (APWG) has reported a jump in the number of phishing attacks using encryption to fool victims. As per the APWG report, 35% of phishing attacks in the second quarter of 2018 were hosted on websites with HTTPS and… Continue Reading Phishing Trends Report a Jump in Phishing Attacks Using Encryption
I just came across this post by Alastair Paterson of Security Week highlighting that attackers are monetizing non-traditional methods to compromise business accounts (BEC and EAC). Alastair points at three alternative methods that are being successfully put at work: Using email credentials purchased from criminal forums, Re-trying the credentials of already… Continue Reading 7 Security Measures Against BEC You CANNOT Neglect
“Starting from early July, we have seen malicious spam activity that has targeted corporate mailboxes… The malware’s key objective is to steal passwords from browsers, messaging applications, mail and FTP clients, and cryptocurrency wallets.” Secure List, Loki Bot: On a hunt for corporate passwords Experts from Kapresky lab have come… Continue Reading Major Security Firms Detect a Surge in Phishing Attacks on Corporate Email Accounts
Of the 229 breaches added this year to the HHS “wall of shame”, the largest one is the attack on UnityPoint Health. The Iowan company fell victim to a business email compromise (BEC) attack that compromised its business email system. How big is the UnityPoint Health data breach? As per… Continue Reading Business Email Compromise – How it Works?