A new PSA warns of attacks launched against users of two popular cloud-based email systems.

Dark Reading Staff, Dark Reading

April 7, 2020

1 Min Read

If your organization uses a popular cloud-based email system, you're at an increased risk for business email compromise (BEC), according to a new public service announcement (PSA) from the FBI. The bureau warns that the email scams begin with phish kits specifically designed to mimic two popular cloud-based email services in order to lure employees into compromising business email accounts and misdirecting funds transfers.

The FBI says the Internet Crime Complaint Center (IC3), between January 2014 and October 2019, received complaints totaling more than $2.1 billion in actual losses from BEC scams. The bureau explains that most current campaigns work to first get email account credentials, which are then used to launch financial fraud campaigns involving forwarded email messages, requests for out-of-channel funds transfers, and deleted accounting trails.

The PSA provides a number of tips for both end users and IT administrators, with suggestions ranging from enabling multifactor authentication to prohibiting automatic forwarding of messages to external addresses.

Read more here.

Edgepromohorizontal.jpgCheck out The Edge, Dark Reading's new section for features, threat data, and in-depth perspectives. Today's featured story: "This Is Not Your Father's Ransomware."

About the Author(s)

Dark Reading Staff

Dark Reading

Dark Reading is a leading cybersecurity media site.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like


More Insights