• Menu
  • Skip to main content
  • Skip to primary sidebar

The Cyber Security News

Latest Cyber Security News

Header Right

  • Latest News
  • Vulnerabilities
  • Cloud Services
Cyber Security News

BEC Attackers Spoof CC’d Execs to Force Payment

You are here: Home / General Cyber Security News / BEC Attackers Spoof CC’d Execs to Force Payment
May 16, 2023

Security scientists have uncovered an additional new growth in business email compromise (BEC) created to increase pressure on the receiver to pay back a fake bill.

Dubbed “VIP Bill Authentication Fraud” by Armorblox, the tactic is utilised in basic phony email messages built to impersonate trusted vendors or other third get-togethers that the target firm routinely pays.

✔ Approved From Our Partners
AOMEI Backupper Lifetime

Protect and backup your data using AOMEI Backupper. AOMEI Backupper takes secure and encrypted backups from your Windows, hard drives or partitions. With AOMEI Backupper you will never be worried about loosing your data anymore.

Get AOMEI Backupper with 72% discount from an authorized distrinutor of AOMEI: SerialCart® (Limited Offer).

➤ Activate Your Coupon Code


Read through far more on BEC developments: BEC Group Employs Open up Supply Strategies in Hundreds of Attacks.

The fraudster will send an bill ask for to a concentrate on – likely doing the job in the finance workforce of the victim corporation – but crucially also copies in (cc) the target’s boss, or instead a spoofed email area resembling the boss’s email.

“Upon sending the initial email attack, the lousy actor will then reply to the email thread, applying the spoofed domain account to impersonate the victim’s boss and instruct them to pay the invoice as shortly as doable,” Armorblox described.

“Without appropriate hindsight, this email replay appears to be like like a legit reaction coming from his or her reliable executive or manager. This only adds to the sense of urgency to spend the invoice, and raises the risk of economical loss for the business on compliance with this ask for.”

With each provider and now their boss urging prompt payment, it is more most likely that the sufferer will go in advance and system the transfer, the security seller argued.

Nonetheless, there are nonetheless ways to mitigate the impact of these types of attacks. Armorblox pointed to a number of strategies which security teams ought to be able to use:

  • Detection of spoofed sender and executive domains
  • Use of big language designs (LLMs) to detect a sense of urgency in the email and the payment ask for. When blended with the presence of spoofed domains, this should really flag the email as fraudulent
  • Use of device mastering and deep understanding types to detect traits indicating a blend of “VIP Impersonation Fraud” and “External Payment Fraud” attacks

Some areas of this report are sourced from:
www.infosecurity-magazine.com

Previous Post: «inside qilin ransomware: affiliates take home 85% of ransom payouts Inside Qilin Ransomware: Affiliates Take Home 85% of Ransom Payouts
Next Post: China’s Mustang Panda Hackers Exploit TP-Link Routers for Persistent Attacks china's mustang panda hackers exploit tp link routers for persistent attacks»

Reader Interactions

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Primary Sidebar

Report This Article

Recent Posts

  • BREAKING: 7,000-Device Proxy Botnet Using IoT, EoL Systems Dismantled in U.S. – Dutch Operation
  • OtterCookie v4 Adds VM Detection and Chrome, MetaMask Credential Theft Capabilities
  • Initial Access Brokers Target Brazil Execs via NF-e Spam and Legit RMM Trials
  • Deploying AI Agents? Learn to Secure Them Before Hackers Strike Your Business
  • Malicious npm Packages Infect 3,200+ Cursor Users With Backdoor, Steal Credentials
  • Beyond Vulnerability Management – Can You CVE What I CVE?
  • Google Rolls Out On-Device AI Protections to Detect Scams in Chrome and Android
  • Chinese Hackers Exploit SAP RCE Flaw CVE-2025-31324, Deploy Golang-Based SuperShell
  • 38,000+ FreeDrain Subdomains Found Exploiting SEO to Steal Crypto Wallet Seed Phrases
  • SonicWall Patches 3 Flaws in SMA 100 Devices Allowing Attackers to Run Code as Root

Copyright © TheCyberSecurity.News, All Rights Reserved.