Keeping an Eye on Business Email Compromise


Malicious actors have long been using social engineering to bamboozle unsuspecting victims into transferring sensitive information or money in business email compromise (BEC) attacks. During RSA Conference 2016, Tom Kemp, CEO of Centrify, shared his company’s experience of nearly falling victim to a wire transfer scam two years earlier. As time progressed, so did the cybercriminals, and year over year, the attacks have become increasingly more prevalent.

At RSA Conference 2019, Anne Connell, Cybersecurity Engineer at CMU, delivered a session titled Business Email Compromise: Operation Wire Wire and New Attack Vectors, noting the continued increase in these attacks that (at the time) were commonly targeting real estate, legal services, B2B commerce, and database and W2 theft. Connell’s presentation gave an overview of the tactics and techniques of attackers but also outlined coordinated efforts to thwart these attacks; however, the threat of BEC has not decreased. In fact, cybercriminals have evolved in their tactics.

Read more…