Turkey-based threat group Cobalt Terrapin has been deploying a more sophisticated business email compromise campaign involving both vendor and executive impersonation since July, ZDNET reports.
Targets of the new BEC attack are being sent personalized emails purporting to be from an executive of their company, with the attackers making each message appear to be part of an existing email thread to further establish its legitimacy, according to an Abnormal Security report. In these messages, the "boss" asks the victim to facilitate a financial transaction related to a fraudulent business invoice mentioned in the email.
"Like all BEC attacks, the reason traditional email defenses have a difficult time detecting them is because they don't contain any of the static indicators most defenses look out for, like malicious links or attachments. Most BEC attacks are nothing more than pure, text-based social engineering that traditional email defenses are not well-equipped to detect," said Abnormal Security Director of Threat Intelligence Crane Hassold.
New phishing attacks involving compromised Microsoft 365 accounts and encrypted restricted permission message, or RPMSG, files are being leveraged by threat actors to facilitate the stealthy exfiltration of Microsoft credentials, according to BleepingComputer.
BleepingComputer reports that some Barracuda Email Security Gateway instances have been compromised in attacks exploiting a zero-day vulnerability, which has already been patched in security updates issued over the weekend.
Numerous sectors, including government, financial services, media, manufacturing, transportation, and utilities, have been targeted by the large-scale credential phishing campaign leveraging the SuperMailer newsletter distribution app, which has expanded twofold monthly since January, according to SecurityWeek.