BEC-as-a-Service Campaigns Drive Surge in Email Fraud

Security experts are warning of large-scale business email compromise, or “BEC-as-a-service,” campaigns after blocking thousands of attacks in the fourth quarter of 2021.

Kaspersky claimed to have detected 8000 BEC attacks globally in the period, with the vast majority (5037) coming in October.

It said that while some attempts are highly targeted, others are sent from free email accounts and designed to reach as many victims as possible, hoping to trick a small percentage.

In these campaigns, the message is usually vague, claiming that the sender has a request they’d like the recipient to handle.

If the latter replies, the fraudster will ask them to make an urgent fund transfer to pay off a contract or some other excuse. Sometimes they request that sensitive information be sent, Kaspersky claimed.

However, such attempts are usually easy to spot as they may contain spelling or grammatical errors and are not sent from corporate email accounts.

This is in contrast to more targeted efforts, where the threat actor often hijacks a corporate inbox via phishing, monitors the messages coming in and then steps in at a critical moment to send a spoof request for payment.

“Right now, we observe that BEC attacks become one of the most common social engineering techniques. The reason for that is pretty simple – scammers use such schemes because they work,” argued Roman Dedenok, security expert at Kaspersky.

“While fewer people tend to fall for simple mass-scale fake emails now, fraudsters started to carefully harvest data about their victims and then use it to build trust. Some of these attacks are possible because cyber-criminals can easily find names and job positions of employees as well as lists of contacts in open access. That is why we encourage users to be careful at work.”

BEC is the highest-grossing cybercrime type, making fraudsters nearly $1.9bn in 2020, according to the FBI. The Feds recently warned that threat actors increasingly use virtual meeting platforms to carry out attacks.

In one tactic, they fake a CEO request to join a virtual meeting, where they will insert a still image of the CEO and use a deepfake audio to spoof their voice, claiming the video is not working properly. They’ll then instruct the participant to make a fund transfer.

What’s Hot on Infosecurity Magazine?