Introduction
“Hallo! I am Prince Thereisnodana Thereisonlyzuul from Nigeria. I am in need of business partner in the States of United for which I am willing to pay $40 Million Dollar US.”
When the average person hears about an email scam or a phishing scam, they more often than not think of something like the above: broken English, bad email addresses, obviously fake links, the works. But while these emails are some of the worst forms of spam in the world, they are also highly profitable for the people running them. How is that possible?
At first glance, you would think that if they hired a native English speaker and dialed down some of the obvious eccentricities, it would be a far more effective scam. There are theories out there, however, that this is done deliberately as a filter to target a very specific kind of person. And like it or not, they seem to be right.
This brings us to a more dangerous point: targeted phishing emails and Business Email Compromise (BEC) scams. As mentioned above, it would seem that dialing up the quality of the scam can actually make it more effective, and sadly, BEC scams prove just how dangerous this can be.
The big three
According to the FBI, there are three main variants of BEC scams:
The bogus invoice scheme
This scenario usually involves faking a message from an organization that the target knows well. The target receives a request, which appears to be from this organization, to send payment to a specific account. The message seems as close to genuine as possible, and without detailed examination, it may just fly under the radar and be processed as normal.
CEO fraud
This scenario revolves around hijacking the email address of an executive in the organization and ...
*** This is a Security Bloggers Network syndicated blog from Infosec Resources authored by Kurt Ellzey. Read the original post at: http://feedproxy.google.com/~r/infosecResources/~3/3zXI4a4jFw4/

