What you need to know to avoid becoming a phishing scheme victim


A Lithuanian man is facing up to 30 years in prison this July for his role in a phishing scheme involving Facebook and Google. In March, he pled guilty to helping fleece the two companies out of a total of more than $100 million.

The wire fraud scheme was a business email compromise (BEC): fake emails were sent to the two companies’ employees in the name of a legitimate Taiwanese hardware maker, claiming the tech giants owed it money and directing payments to the scammers’ bank accounts.


This was a fairly common scenario as far as BEC goes, but what makes the case noteworthy is the caliber of its victims. One might assume that large enterprises wouldn’t fall for this type of scam. For smaller businesses, it may serve as an eye-opener: if larger, sophisticated companies aren’t immune to phishing schemes, what can the small guy do to fight back?

The prevalence of business email compromise

BEC (also known as CEO email fraud) and email account compromise (EAC) have grown both in sophistication and prevalence. The FBI’s 2018 Internet Crime Report, released in April 2019, shows that in 2018 alone the Internet Crime Complaint Center (IC3) received 20,373 BEC/EAC complaints. Losses totaled over $1.2 billion.

“Most of these types of attacks we see are on small businesses, but they’re afraid to talk about them in public or call the FBI,” says cybersecurity veteran Idan Udi Edry, the CEO of Trustifi. “The smaller organizations are the most vulnerable ones and on top of that, if they get hit, they can’t afford losses like the big ones can.”

Between December 2016 and May 2018, IC3 saw a 136 percent increase in global exposed losses from BEC. And between October ’13 and May ’18 a total of 718,617 incidents,

*** This is a Security Bloggers Network syndicated blog from Infosec Resources authored by Rodika Tollefson. Read the original post at: