< ciso
brief />
Tag Banner

All news with #business email compromise tag

118 articles · page 2 of 6

April 2026 security roundup: Tony Anscombe insights

🔒 ESET Chief Security Evangelist Tony Anscombe reviews April’s top cybersecurity developments, including rising Microsoft Teams helpdesk impersonation scams, an Iranian-linked campaign targeting Rockwell programmable logic controllers exposed on U.S. critical infrastructure networks, and the FBI IC3’s finding that U.S. victims lost nearly $21 billion to cyber-enabled crime last year. Tony offers practical mitigation advice — from stricter verification and access controls for remote support to network segmentation, patching, and monitoring for industrial control systems — and invites viewers to watch the video for deeper context and comparisons to prior years.
read more →

Silent Subject Phishing Targets VIPs and Evades Filters

📧 Cybersecurity firm Cyberproof has identified a surge of “silent subject” phishing attacks in Q1 2026 that deliberately omit email subjects to evade filters and trigger recipient curiosity. These campaigns target executives and high-value accounts, delivering links, QR codes and attachments that often redirect to spoofed sites or mobile interactions. Attackers rotate domains, use shortened URLs and deploy legitimate tools like Datto RMM to persist. Organizations are advised to enforce MFA, inspect full sender addresses and deploy advanced content-aware email defenses.
read more →

Teams abused for helpdesk impersonation, warns Microsoft

🔒 Microsoft warns that threat actors are increasingly abusing external Microsoft Teams collaboration to impersonate IT or helpdesk staff and gain remote access. Attackers initiate cross-tenant chats to request remote assistance—commonly via Quick Assist—then perform reconnaissance and deploy small payloads into user-writable locations. They abuse trusted, signed applications for execution and use HTTPS-based C2 and tools like Rclone to exfiltrate filtered, high-value data, often blending into normal traffic. Administrators are urged to treat external Teams contacts as untrusted, restrict remote-assistance tools, and limit WinRM usage.
read more →

Attackers Use Microsoft Teams to Impersonate IT Support

🔒 Microsoft warns that attackers are exploiting Microsoft Teams cross-tenant features to impersonate IT helpdesk staff and trick employees into granting remote control. The cross-tenant helpdesk impersonation playbook leverages real-time chats, social engineering, and legitimate remote-support tools so access appears user-approved and avoids typical malware detections. Organizations are urged to tighten external access, restrict support workflows, enforce Zero Trust controls, and improve behavioral monitoring.
read more →

Apple account alerts abused to deliver phishing lures

📧 Threat actors are exploiting Apple account-change notifications to deliver callback phishing within legitimate emails sent from Apple's infrastructure. They place scam text into the account's first and last name fields, then trigger a shipping-info update so Apple sends the altered notification. Because messages are sent from appleid@id.apple.com and pass SPF, DKIM, and DMARC, they appear authentic and can bypass filters, increasing the risk of successful callback scams.
read more →

FBI and partners dismantle $20M W3LL phishing network

🛡️ The FBI Atlanta field office, together with US and Indonesian authorities, dismantled a large-scale phishing operation built around the W3LL phishing kit. The kit, sold via a members-only marketplace called W3LL Store, enabled attackers to clone login pages and harvest credentials for as little as $500. Investigators seized the w3ll.store domain, identified an alleged developer known as 'G.L.', and say the toolkit may have been used against over 17,000 victims worldwide between 2023 and 2025.
read more →

FBI: Americans Lost $21B to Cybercrime in 2025 - Record High

📈 The FBI reports U.S. victims lost a record $21 billion to cyber-enabled crime in 2025, a 26% rise from 2024, as the Internet Crime Complaint Center (IC3) logged more than one million complaints. Losses were led by investment fraud, business email compromise, tech-support scams, and data breaches, while cryptocurrency-related fraud topped $11 billion. The report includes 22,300 AI-related scam complaints totaling $893 million and shows seniors over 60 suffered disproportionately. The FBI says proactive interventions, including 3,900 Financial Fraud Kill Chain actions and Operation Level Up, helped freeze $679 million and alert thousands of likely victims; it urges verification before sending funds and reporting incidents to ic3.gov.
read more →

FBI: Over $17.7bn Lost to Cyber Fraud in US During 2025

🛡️ The FBI's 2025 Internet Crime Report shows US victims lost more than $17.7 billion to internet-enabled fraud, with the Internet Crime Complaint Center (IC3) receiving over one million complaints in 2025. Cryptocurrency investment scams were the single largest source of financial loss at $7.2 billion, followed by Business Email Compromise and fake tech support schemes. The report also highlights nearly $893 million lost to AI-enabled fraud and 22,364 AI-related complaints, warning that synthetic content and deepfakes are increasingly abused to perpetrate scams.
read more →

Nigerian Romance Scammer Sentenced After Exposure in US

⚖️ Saheed Sunday Owolabi, 35, was sentenced to 15 years in a U.S. federal prison after a jury convicted him of conspiracy to commit wire fraud and money laundering. Prosecutors described how he posed as women online to cultivate romantic relationships, then persuaded victims to transfer funds and provided bank accounts used to launder proceeds—more than $1.5 million sent to Nigeria. Chat logs showing he had attempted to swindle another fraudster undermined his claim of being a mere middleman, and images recovered from his phone displayed luxury purchases made with stolen funds.
read more →

Venom PhaaS Used in Global C-Suite Credential Theft

🔍 Abnormal researchers uncovered a targeted credential theft campaign active from November 2025 to March 2026 that focused on C‑suite and senior personnel across more than 20 industry verticals. The operation was powered by a previously undocumented phishing-as-a-service platform, Venom, and used SharePoint-themed lures with embedded QR codes. The phishing emails employed randomized HTML, fabricated multi-message threads and persona spoofing to evade detection and isolate human targets. Attackers used both AiTM relays and Microsoft’s device code flow to bypass MFA and achieve persistent access.
read more →

Democratisation of Business Email Compromise Fraud Trends

🔒 The Talos Threat Source newsletter warns that business email compromise (BEC) attacks have been democratised by AI, enabling attackers to cheaply and rapidly craft convincing payment requests that target small community organisations, charities, and businesses. Attackers can automate reconnaissance and generate tailored messages referencing projects, tone, and terminology. Defenders should verify unexpected payment requests via independent channels, enforce procurement controls, and increase awareness. The briefing also flags an automated credential-harvesting campaign exploiting React2Shell in Next.js applications that risks wide-scale token and key theft.
read more →

EvilTokens kit powers Microsoft device-code phishing

⚠️ EvilTokens is a commercially sold phishing kit that abuses the device code authorization flow to hijack Microsoft accounts and enable advanced BEC operations. Distributed via Telegram, campaigns deliver document lures with QR codes or links to phishing templates impersonating trusted services and workflows. Victims are prompted to authenticate on the real Microsoft device login, producing short-lived access tokens and refresh tokens that give attackers immediate and persistent access. Sekoia reported global campaigns and published IoCs and YARA rules; the author says support for Gmail and Okta is planned.
read more →

Tax Season Sees New Phishing and RMM-based Tactics

🧾Proofpoint researchers reported a surge of tax-themed campaigns in early 2026 delivering malware, remote access tools, fraud schemes and credential-phishing. The advisory published on March 30 notes increasing use of remote monitoring and management (RMM) tools and activity from newly identified threat actors. Attacks include BEC requests for W-2/W-9 forms and fake login pages targeting W-8BEN updates. Organisations are advised to educate users and monitor for topical tax lures during filing periods.
read more →

Invoice Fraud Costs UK Construction Sector Millions

⚠️ The UK's NCA, alongside the National Federation of Builders (NFB), has warned finance and accounts payable teams in construction about a rise in invoice fraud, a form of BEC that cost victims almost £4m in September 2025. Fraudsters impersonate or hijack supplier emails to change bank details on invoices, exploiting complex subcontractor networks and insecure email channels. The campaign urges staff to verify invoice changes by calling suppliers, delay payments until details are confirmed, and strengthen IT controls such as strong passwords, multi‑factor authentication and up‑to‑date anti‑malware.
read more →

Phishers Abuse Bubble to Steal Microsoft Account Credentials

🔒 Threat actors are abusing the no-code Bubble AI app builder to host phishing pages that harvest Microsoft account credentials. Because apps are hosted under *.bubble.io, email security tools often treat the links as legitimate and fail to flag them. Kaspersky researchers found attackers use obfuscated JavaScript and Shadow DOM structures to redirect victims to Microsoft-like login forms, sometimes behind Cloudflare checks, to exfiltrate entered credentials.
read more →

Microsoft: IRS-themed Phishing Hits 29,000, RMM Abused

⚠️Microsoft reported large-scale IRS-themed phishing campaigns in February 2026 that targeted more than 29,000 users across 10,000 organizations, using tax refund, payroll and W‑2 lures to harvest credentials and deliver remote access tools. Attackers leveraged Phishing-as-a-Service kits (notably Energy365 and SneakyLog/Kratos) and abused legitimate RMM products such as ScreenConnect, Datto, and SimpleHelp to maintain persistent access. Microsoft advises enforcing 2FA, applying conditional access, and blocking malicious domains and payloads to reduce exposure.
read more →

Russian Intelligence Targets Commercial Messaging Accounts

🔒 CISA and the Federal Bureau of Investigation issued a joint Public Service Announcement warning of ongoing phishing campaigns by cyber actors associated with Russian intelligence services targeting commercial messaging applications (CMAs). The campaigns seek to bypass encryption by compromising individual user accounts rather than breaking application cryptography. Evidence indicates thousands of CMA accounts have been accessed to view messages and contact lists, send messages, and conduct follow-on phishing. CISA and FBI urge users to review the PSA, adopt recommended cybersecurity practices, and remain vigilant for suspicious activity.
read more →

Nordstrom Email System Used to Send Cryptocurrency Scams

📧 Customers of upscale retailer Nordstrom received fraudulent emails sent from a legitimate nordstrom@eml.nordstrom.com address that promoted a cryptocurrency doubling scheme disguised as a St Patrick's Day promotion. The messages used official-looking images and branding and pressured recipients with a two-hour deadline. A source told BleepingComputer the incident likely involved an Okta SSO compromise leading to abuse of Salesforce Experience Cloud. Nordstrom warned the messages were unauthorized and advised customers not to send funds.
read more →

FBI: Phishing Scam Targets City and County Permit Applicants

⚠️ The FBI warns that criminals are impersonating city and county planning and zoning officials to phish businesses and individuals with active land-use or permit applications. Victims receive emails referencing permit details, zoning application numbers, or property addresses and are instructed to pay invoices via wire transfers, peer-to-peer platforms, or cryptocurrency, often pressured with urgency. The agency urges recipients to verify sender domains, call local government offices to confirm fees, and report incidents to the IC3.
read more →

Ghanaian Pleads Guilty in $100M Romance and BEC Scam

🔒 A Ghanaian national, Derrick Van Yeboah, has pleaded guilty to conspiracy in a global fraud ring blamed for over $100 million in victim losses. Prosecutors say Van Yeboah impersonated romantic partners and corporate leaders to induce victims and orchestrated laundering of stolen funds, accounting for roughly 10% of the operation's take. He faces up to 20 years in prison and agreed to $10.1m in restitution and forfeiture; his plea follows extradition and indictment last year.
read more →