Republican Party of Wisconsin revealed that $2.3M was recently stolen from election funds intended to support the re-election of President Trump. According to their statement, they are victims of a Business Email Compromise phishing attack that altered invoices to direct payments to accounts controlled by the threat actor.
Billions have been lost to BEC attacks in recent years, more than any other type of cyber threat. While BEC attacks are not incredibly sophisticated, they are very difficult to stop and can lead to substantial losses (as the Wisconsin GOP’s incident demonstrates).
- Put strong procedures in place for reviewing and authorizing the payment or transfer of funds.
- Monitor domain name registrations for look-alikes that could be used to send BEC emails.
- Provide users with in-depth, focused training on how to recognize and report BEC scams and frequently test them to maintain vigilance.
- Have a timely and efficient process in place to review suspicious emails, investigate threats, and mitigate attacks.
- BEC: The most costly form of phishing (White paper)
- COVID-19: BEC lures use pandemic to enhance attacks
- Domain Monitoring
- Email Intelligence & Response
*** This is a Security Bloggers Network syndicated blog from The PhishLabs Blog authored by Stacy Shelley. Read the original post at: https://info.phishlabs.com/blog/2.3m-stolen-from-wisconsin-gop-via-bec-attack