09 Oct 2019

Only 1 in 5 enterprises have DMARC records set up with an enforcement policy

A new Valimail report shows that while companies are increasingly adopting the Domain-based Message Authentication, Reporting and Conformance (DMARC) protocol for email authentication, which is designed to prevent email spoofing attacks, the vast majority have not configured it properly. In fact, only 17% of email domains using DMARC have an enforcement

Read More
03 Oct 2019

New Silent Starling Attack Group Puts Spin on BEC

Security researchers with Agari warn that scammers are targeting companies with a new technique, which is a variation of business email compromise (BEC). The new attack, dubbed “vendor email compromise,” has been used by the Silent Starling group that is operating from West Africa. The scammers have so far taken

Read More
17 Sep 2019

Phishing attacks up, especially against SaaS and webmail services

Phishing attacks increased in the first half of this year, with many campaigns spoofing webmail and software-as-a-service (SaaS) providers, a recent APWG report[pdf] shows. The number of detected phishing campaigns surged from 138,328 in Q4 of 2018 to 180,768 in Q1 of 2019 and then grew further to 182,465 in

Read More
11 Sep 2019

281 suspects arrested in massive crackdown against BEC scammers

An international law enforcement operation code-named Operation reWired has resulted in the arrests of 281 people suspected of carrying out business email compromise (BEC) scams. 167 arrests occurred in Nigeria and 74 in the United States. Authorities also seized close to $3.7 million as part of the collaborative effort involving

Read More
11 Sep 2019

FBI: BEC now a $26 billion fraud, as HR payroll diversion attacks linked to same scammers

Business email compromise (BEC) scams have resulted in over $26 billion in global ‘exposed dollar losses’ over the past three years, the The Federal Bureau of Investigation’s (FBI) Internet Crime Complaint Center (IC3) estimates. The figure includes actual costs from successful scam campaigns and hypothetical costs from failed attacks. For

Read More
03 Sep 2019

BEC overtakes ransomware and data breaches in cyber-insurance claims

Business email compromise (BEC) has become the most common reason for organizations to file cyber-insurance claims, a new AiG study[pdf] covering the EMEA (Europe, the Middle East, and Asia) region shows. Last year, 23% of all cyber-insurance claims were related to BEC. Ransomware accounted for 18% of claims, followed by data

Read More
26 Aug 2019

80 Charged in Massive BEC Operation Bust

The US Department of Justice has indicted a whopping 80 people over their alleged participation in a massive cyber fraud operating that stole millions from businesses and individuals via business email compromise (BEC) and romance scams. Most of the defendants are Nigerian nationals that were based in Nigeria, the US

Read More
13 Aug 2019

Unsolicited Blank Emails Could Portend BEC Attacks

If one or more employees in an organization receive an unsolicited blank email, this may mean that the company will soon be targeted in a business email compromise (BEC) scam campaign, Agari researchers warn. The company has been tracking various BEC scam groups and discovered that these threat actors often

Read More
18 Jul 2019

BEC Scams Average $301 Million Per Month In Illegal Transfers

New data compiled by the Financial Crimes Enforcement Network (FinCEN) shows that illegal transactions linked to business email compromise (BEC) scams averaged $301 million per month last year. The figure is based on suspicious activity reports (SARs) received by FinCEN. In 2018, the organization received close to 14,000 filings. The

Read More
16 Jul 2019

Failures in Cybersecurity Fundamentals Still Primary Cause of Compromise: Report

Researchers with Secureworks warn that while threat actors are targeting firms with increasingly sophisticated attack campaigns, “the same issues and security gaps are blighting organizations’ ability to identify and respond to threats.” Common shortcomings in cybersecurity programs still include basic issues like poor visibility, lack of multi-factor authentication (MFA), and

Read More