Application security, Threat Management, Malware, Phishing

Business Email Compromise phishing scam found targeting diverse array of industries

An organized phishing scam operation likely based out of West Africa has been attempting to steal the business email credentials of users across a broad spectrum of industries, in hopes of compromising their accounts and leveraging them for even more targeted spear phishing scams, researchers at Flashpoint have reported.

According to a Flashpoint blog post on Tuesday, the Business Email Compromise (BEC) campaign has targeted universities, software and technology companies, retailers, engineering organizations, real estate firms, and churches from March 28 through at least Aug. 8.

The phishers' weapon of choice: PDF files containing embedded, malicious links that redirect victims to credential-stealing websites. Flashpoint has discovered 73 such PDFs linking to 29 distinct malicious domains.

"Upon opening the PDF, the potential victim would be presented with a prompt to view a secure online document; when clicked, this prompt would redirect the victim to a phishing website to input their login credentials," the blog post explains. "Once a victim enters their login credentials, the script redirects the victim to a document or web page owned by the targeted organization."

The scammers then use the stolen credentials to send spear phishing emails to the victim's business contacts, lending instantly credibility to the fraudulent communications.

Flashpoint suspects the culprits are based in Western Africa due to the originating IP addresses of the phishing emails, as well as because the actors' tactics and behaviors match those often exhibited by scammers based in this region -- including a penchant for avoiding the use of malware, and a lack of operational security practices.

Bradley Barth

As director of multimedia content strategy at CyberRisk Alliance, Bradley Barth develops content for online conferences, webcasts, podcasts video/multimedia projects — often serving as moderator or host. For nearly six years, he wrote and reported for SC Media as deputy editor and, before that, senior reporter. He was previously a program executive with the tech-focused PR firm Voxus. Past journalistic experience includes stints as business editor at Executive Technology, a staff writer at New York Sportscene and a freelance journalist covering travel and entertainment. In his spare time, Bradley also writes screenplays.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.