Cybercriminals are constantly coming up with new methods to deliver their spam and phishing messages to both individuals and businesses. Armed with the knowledge of the latest trends, they take advantage of the seismic shift in digital habits during the pandemic to launch social engineering attacks such as phishing emails.
In 2021, Kaspersky’s Anti-Phishing system blocked a total of 11,260,643 phishing links in SEA. Most of it were blocked on devices of Kaspersky users in Vietnam, Indonesia, and Malaysia.
The remote work triggered more attempts to phish corporate details for the past two years. Among the rising trends is business e-mail compromise (BEC).
BEC attacks are a type of fraud that involves impersonating a representative from a trusted business. A BEC attack is defined as a targeted cybercriminal campaign that works by:
Kaspersky experts are increasingly observing BEC attacks. In Q4 2021, Kaspersky products prevented over 8000 BEC attacks, with the greatest number (5,037) occurring in October.
Throughout 2021, the company’s researchers closely analyzed the way fraudsters craft and spread fake emails. As the result, they found out that the attacks tend to fall into two categories: large-scale and highly targeted.
The former is called “BEC-as-a-Service”, whereby attacks simplify the mechanics behind the attack in order to reach as many victims as possible. Attackers sent streamlined messages en masse from free mail accounts, with the hope of snaring as many victims as possible. Such messages often lack high levels of sophistication, but they are efficient.
The above message is an example of a mass-scale CEO scam scheme.
In this scenario, an employee receives a fake email from a more senior colleague. The message is always vague telling that one has a request to handle. A victim may be asked to urgently pay off some contract, settle some financial conflict, or share sensitive information with a third party. Any employee may potentially become a victim. Of course, there are several noticeable red flags in such a message. There is no corporate account used, and the sender clearly is not a native speaker.
At the same time that some criminals are relying on simplified mass mailouts, others are turning towards more advanced, targeted BEC attacks. The process works as follows: attackers first attack an intermediary mailbox, gaining access to that account’s e-mail.
Then, once they find a suitable correspondence in the compromised mailbox of the intermediary company (say, financial matters or technical issues related to work), they continue the correspondence with the targeted company, impersonating the intermediary company. Often the goal is to persuade the victim to transfer money or install malware.
Since the target is, in fact, engaging in the conversation referenced by the attackers, they are far more likely to fall victim to the scam. Such attacks have proven to be highly effective, and that’s why they’re not only used by small-time criminals looking to make a quick profit.
According to Kaspersky, the data showed that by including hot topics and phrases related to their online activities like shopping and streaming entertainment or the COVID-19 pandemic in their messages, the chances of an unsuspected user clicking infected links or malicious attachments increase tremendously. To learn more, kindly visit www.kaspersky.com.