Threat Management, Email security, Vulnerability Management

Widespread gift card BEC attack detailed

Cybercrime operation Lilac Wolverine has launched a massive gift card business email compromise attack, which lures targets into giving gift cards to individuals posing as seriously ill people or having lost relatives to illnesses, ZDNET reports. Attackers who have successfully compromised an email address have resorted to copying the victim's address book and proceeding to create a similar account through free webmail services, an Abnormal Security report revealed. The newly created email accounts are then used for BEC phishing lure delivery in an effort to better evade detection and suspicion. "The pretexts the group uses in their BEC campaigns are meant to elicit an emotional response that they hope would persuade a target to comply with their request. Like other gift card BEC attacks, since the target population is substantially larger than other types of attacks, their success rate doesn't need to be that high to get a good return on investment on their campaigns," said Abnormal Security Director of Threat Intelligence Crane Hassold.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.