IBM X-Force IRIS Uncovers Active Business Email Compromise Campaign [securityintelligence]
by CIRT Team
IBM X-Force Incident Response and Intelligence Services (IRIS) assesses that threat groups of likely Nigerian origin are engaged in a widespread credential harvesting, phishing and social engineering campaign designed to steal financial assets. Beginning in the fall of 2017, X-Force IRIS experienced a significant increase in clients reporting instances of fraud or attempted fraud via wire transfer payments. These threat groups successfully used business email compromise (BEC) scams to convince accounts payable personnel at some Fortune 500 companies to initiate fraudulent wire transfers into attacker-controlled accounts, resulting in the theft of millions of dollars.
This X-Force IRIS report identifies and analyzes two examples of those BEC scams. Although BEC scams are not new, the examples described here detail how attackers used stolen email credentials and sophisticated social engineering tactics to defraud a company without compromising the corporate network. The objective of this report is to inform customers of the BEC threat by exposing the specific tactics used to deceive victims, and to offer recommendations that companies can immediately implement to help reduce the risk of falling prey to BEC scams.