The FBI has disclosed that more than $43 billion was lost to business email compromise (BEC) attacks between June 2016 and December 2021, with BEC attack-related losses spiking by 65% from July 2019 to December 2021, reports VentureBeat.
The significant BEC attack losses have not surprised LARES Consulting Senior Security Consultant Andy Gill, who noted that the figures may even be underestimated, as many BEC incidents may have gone unreported. "BEC attacks continue to be one of the most active attack methods utilized by criminals because they work. If they didn't work as well as they do, the criminals would switch tactics to something with a larger ROI," Gill added. Meanwhile, Delinea Chief Security Scientist and Advisory Chief Information Security Officer Joseph Carson noted that most organizations impacted by BEC attacks have inadequate resources. "Victims sometimes prefer not to report incidents if the amount is quite small but those who fall for larger financial fraud BEC that amounts to thousands or even sometimes millions of U.S. dollars must report the incident in the hope that they could recoup some of the losses," said Carson.
A staffer working for Sen. Eric Schmitt, R-Mo., noted that Chinese threat actors exfiltrated 60,000 emails from U.S. State Department accounts during the widespread compromise of Microsoft email accounts that commenced in May, according to Reuters.
Threat actors have leveraged the ZeroFont phishing attack technique, which initially involved the insertion of hidden characters or words in emails to evade security detection systems, to modify message previews as shown on Microsoft Outlook and other email clients, BleepingComputer reports.
BleepingComputer reports that individuals who have filed claims against bankrupt cryptocurrency lender Celsius have been subjected to phishing attacks involving the impersonation of the lender's claims agent, Stretto.