A new PSA warns of attacks launched against users of two popular cloud-based email systems.
If your organization uses a popular cloud-based email system, you're at an increased risk for business email compromise (BEC), according to a new public service announcement (PSA) from the FBI. The bureau warns that the email scams begin with phish kits specifically designed to mimic two popular cloud-based email services in order to lure employees into compromising business email accounts and misdirecting funds transfers.
The FBI says the Internet Crime Complaint Center (IC3), between January 2014 and October 2019, received complaints totaling more than $2.1 billion in actual losses from BEC scams. The bureau explains that most current campaigns work to first get email account credentials, which are then used to launch financial fraud campaigns involving forwarded email messages, requests for out-of-channel funds transfers, and deleted accounting trails.
The PSA provides a number of tips for both end users and IT administrators, with suggestions ranging from enabling multifactor authentication to prohibiting automatic forwarding of messages to external addresses.
Read more here.
Check out The Edge, Dark Reading's new section for features, threat data, and in-depth perspectives. Today's featured story: "This Is Not Your Father's Ransomware."
About the Author(s)
You May Also Like
The fuel in the new AI race: Data
April 23, 2024Securing Code in the Age of AI
April 24, 2024Beyond Spam Filters and Firewalls: Preventing Business Email Compromises in the Modern Enterprise
April 30, 2024Key Findings from the State of AppSec Report 2024
May 7, 2024Is AI Identifying Threats to Your Network?
May 14, 2024
Black Hat USA - August 3-8 - Learn More
August 3, 2024Cybersecurity's Hottest New Technologies: What You Need To Know
March 21, 2024