Business Email Compromise (BEC) is often described in the media as merely an email scam, but in reality it is one part of a broad, organized operation. The email itself is only one link in the attack chain. To monetize email fraud successfully, attackers need to be patient, learn how procurement works in the targeted organization, and build or rent an entire infrastructure and operation around the scam.
A single BEC operation often involves gaining access to the targeted business, gathering raw data, analyzing the mailbox context, building a reliable communication channel, accessing reliable payment infrastructure, orchestrating everything with the right timing, and finding a way to move the money after it is stolen.
Flare researchers sampled and analyzed underground posts related to BEC from the past year. Highlights of the findings include:
AI-powered BEC is gaining popularity, reducing the learning time for newcomers and increasing the "quality" of the scam.
Actors are interested mainly in SaaS accounts (such as O365). Corporate leadership and financial employees are the most desired targets.
There are special call centers designed to apply pressure on a targeted business to finalize the fraudulent payment.
Cash-out is the biggest bottleneck in BEC: attackers need to find suitable business bank accounts or cash-out partners, which is generally considered a difficult task.
BEC Exceeds the Boundaries of Email
BEC begins with access to an organizational mailbox or a business SaaS account. Once in, the threat actors typically analyze the account, then study and map the organization, mainly by understanding the organizational structure and, specifically, financial privileges, the procurement process, internal conversations, communication with vendors, and invoices.
After everything is collected, the threat actors can attempt to make a fraudulent request.
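The fraudulent request described above is the stage a defender can most readily look for in mail flow: a message, often from a legitimate but compromised leadership or finance mailbox, that references a real invoice, asks for payment details to be changed, and applies pressure. The following triage heuristic is an added example and is not code from the Flare post; the sample messages, the sender role list, the regular expressions and the weights are all constructed assumptions for illustration.

```python
import re

# Constructed sample messages (not taken from the original post). m1 mimics
# the fraudulent-request stage: a request from a finance mailbox to change
# remittance details for a real invoice, with urgency and secrecy cues.
SAMPLE_MESSAGES = [
    {
        "id": "m1",
        "sender": "cfo@example-corp.test",
        "subject": "Urgent: updated bank details for invoice INV-20471",
        "body": (
            "Please update our remittance details before the wire goes out today. "
            "New account number attached. Treat this as confidential and process immediately."
        ),
    },
    {
        "id": "m2",
        "sender": "ap@vendor-supplies.test",
        "subject": "Invoice INV-20471",
        "body": "Attached is the invoice for last month's delivery. Payment terms net 30 as usual.",
    },
    {
        "id": "m3",
        "sender": "hr@example-corp.test",
        "subject": "Holiday schedule",
        "body": "Reminder that the office is closed on Friday.",
    },
]

# Assumed indicator patterns; a production rule set would be tuned per organization.
INDICATORS = {
    # a "new/updated/changed" word within 40 characters of a payment-detail noun
    "payment_detail_change": re.compile(
        r"\b(new|updated?|change[ds]?)\b.{0,40}\b(bank|account|remittance|wire|routing)\b", re.I
    ),
    # references such as "invoice 1234", "INV-20471", "inv #99"
    "invoice_reference": re.compile(r"\binv(oice)?[-\s#]*\d+", re.I),
    "urgency": re.compile(r"\b(urgent|immediately|today|asap|right away)\b", re.I),
    "secrecy": re.compile(r"\b(confidential|do not (discuss|share|tell)|keep this between)\b", re.I),
}

# Assumed local parts that identify leadership or finance mailboxes, the accounts
# the post reports as most sought after by BEC actors.
FINANCE_OR_LEADERSHIP_LOCALPARTS = {"cfo", "ceo", "finance", "accounts", "ap", "treasury", "controller"}

# Weights: a payment-detail change is the core signal; the rest are corroborating cues.
WEIGHTS = {
    "payment_detail_change": 3,
    "invoice_reference": 1,
    "urgency": 1,
    "secrecy": 1,
    "finance_or_leadership_sender": 1,
}


def score_message(msg):
    """Return (score, sorted list of indicator names that fired) for one message."""
    text = f"{msg['subject']} {msg['body']}"
    hits = [name for name, pattern in INDICATORS.items() if pattern.search(text)]
    local_part = msg["sender"].split("@", 1)[0].lower()
    if local_part in FINANCE_OR_LEADERSHIP_LOCALPARTS:
        hits.append("finance_or_leadership_sender")
    return sum(WEIGHTS[h] for h in hits), sorted(hits)


def triage(messages, threshold=4):
    """Return the ids of messages whose score reaches the threshold, for manual review."""
    return [m["id"] for m in messages if score_message(m)[0] >= threshold]


if __name__ == "__main__":
    for m in SAMPLE_MESSAGES:
        score, hits = score_message(m)
        print(f"{m['id']}: score={score} hits={hits}")
    print("flagged for review:", triage(SAMPLE_MESSAGES))
```

The threshold is deliberately above the weight of any single indicator, so an ordinary invoice from a vendor's accounts-payable mailbox (m2) scores low while the combined pattern of a payment-detail change plus pressure cues (m1) is routed to a reviewer; because the request arrives from a genuine mailbox, content-based cues like these are what remain once sender authentication has already passed.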