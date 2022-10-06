Phishing scams have become quite common. Today, I am going to tell you about a new one. Are you ready? The latest email scam is a simple yet masterful plot. It gets companies to give up money by making employees believe they are communicating with senior members of the organization within an email chain.

The New Phishing Scam Is Called Business Email Compromise

According to the latest reports, the new scam is called a business email compromise (BEC) campaign. In it, a nefarious actor disguised as a company boss sends an email that resembles a forwarded email chain, with instructions to an employee to send money. The targets are employees, especially those in the finance department or anyone who has the ability to send wire transfers.

The email chains are fake; however, they appear authentic enough that victims typically do not question whether they really come from a higher-up employee. Many people have become aware of traditional email attacks, such as viruses, malware, or malicious links, which can be avoided by not clicking links, opening emails, or downloading attachments. BEC campaigns are quite different. They are typically just text emails and lack the markers that would make them stand out as coming from a nefarious entity. In addition, they are not automatically filtered out as spam.
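Because these messages carry no links or attachments, screening has to key on the traits described above. The following is an added example, not code from the original article: a heuristic that reports those traits for one message. The domain, executive name, keyword list, and sample message are constructed assumptions, and treating a quoted chain without threading headers as suspicious is a heuristic, not a rule.

```python
import re
from email import message_from_string
from email.utils import parseaddr

ORG_DOMAIN = "example.com"      # assumption: the defender's own mail domain
EXECUTIVES = {"dana reyes"}     # assumption: display names of senior staff
PAYMENT = re.compile(r"\b(wire|transfer|invoice|payment|remit)\b", re.I)
# A quoted header block ("From: ..." then "Sent:"/"Date:") marks an embedded chain.
CHAIN = re.compile(r"^>?\s*From:.*\n>?\s*(Sent|Date):", re.I | re.M)
LINK = re.compile(r"https?://", re.I)

def bec_signals(raw):
    """Return the list of BEC traits found in one raw RFC 5322 message."""
    msg = message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    body = "".join(
        part.get_payload() for part in msg.walk()
        if part.get_content_type() == "text/plain"
    )
    signals = []
    if name.lower() in EXECUTIVES and domain != ORG_DOMAIN:
        signals.append("executive display name on external address")
    # A chain pasted into the body, with no real thread behind it.
    if CHAIN.search(body) and not (msg.get("References") or msg.get("In-Reply-To")):
        signals.append("embedded chain without threading headers")
    if PAYMENT.search(body):
        signals.append("payment request")
    has_attachment = any(p.get_filename() for p in msg.walk())
    if not LINK.search(body) and not has_attachment:
        signals.append("text only, no links or attachments")
    return signals

# Constructed sample message (not taken from any real campaign).
SAMPLE = """\
From: Dana Reyes <dana.reyes@mail-example.net>
To: accounts@example.com
Subject: Fw: Outstanding invoice

Please process the wire transfer below today.

> From: Vendor Billing <billing@vendor.example>
> Sent: Monday
> Subject: Outstanding invoice
> Kindly settle the balance.
"""

if __name__ == "__main__":
    print(bec_signals(SAMPLE))
```

No single signal is conclusive; the combination is what should route a message to manual verification of the payment request through a separate channel.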

BEC campaigns are a steadily growing threat. According to the FBI, incidents related to BEC attacks grew by almost two-thirds (65%) between July 2019 and December 2021. Moreover, the practice itself has drawn in approximately $43 billion. The latest BEC scam originated in Turkey from a bad actor dubbed Cobalt Terrapin, with the first attacks beginning in July 2022.

One such attack involved a government-backed group dubbed Charming Kitten. It was able to infiltrate the Gmail, Yahoo, and Outlook inboxes of at least two dozen high-profile users and download their content, using similar cookie-stealing tactics. The phishing group developed a hacking tool called Hyperscrape to bypass security measures such as multifactor authentication to access private email databases.

