Targeted BEC attacks steal business data in six countries, posing as HR | SC Media

August 14, 2020
Workers prepare to hoist a piece of steel at Tower One site, Lower Manhattan, New York City, USA. Construction firms were among those whose business data was stolen in targeted BEC attacks in six countries. (Photo by Joe Woolhead/Construction Photography/Avalon/Getty Images)
  • Ensure email addresses are legitimate. When receiving an email, especially one that claims to be from an internal department such as HR, make sure it comes from a genuine sender. Hovering the mouse over the sender’s address can reveal that the email actually originates from a different address.
  • Call the alleged sender on the phone. RedCurl's phishing messages are often sent from an attacker-registered domain that resembles the target’s domain name and uses legitimate cloud services, so calling the internal department the email appears to come from reduces the risk of acting on a message from an illegitimate address. Additionally, it eliminates the possibility of a very similar email address being misread or mistaken for a legitimate one.
  • Educate employees about BECs, social engineering and spoofing. Training should include instructions on how to spot phishing emails, how to report suspicious emails and when to speak up about suspicious links or attachments.