< ciso
brief />
Tag Banner

All news with #business email compromise tag

118 articles · page 3 of 6

Ghanaian Pleads Guilty in $100M Romance and BEC Fraud

🔒 Derrick Van Yeboah, a 40-year-old Ghanaian national, pleaded guilty to conspiracy to commit wire fraud for his role in a transnational fraud ring that prosecutors say stole more than $100 million through romance scams and business email compromise attacks. Extradited to the U.S. in August 2025, he agreed to pay over $10 million in restitution and faces up to 20 years in prison. Prosecutors say he personally carried out many romance scams that targeted vulnerable Americans and worked with U.S. and West African accomplices to launder proceeds.
read more →

Inside Business Email Compromise: Tactics and Real Costs

📧 Business email compromise (BEC) is a targeted fraud where attackers impersonate executives, vendors, or partners to trick employees into wiring funds or revealing sensitive data. Last year BEC caused $2.7 billion in losses and increasingly uses techniques like AI-based voice/text cloning, QR-code scams, and conversation hijacking. These attacks often require no malware, relying instead on reconnaissance and trust. Defenses include multi-factor verification, approval tiers, employee training, and advanced email authentication and detection.
read more →

Preventing Business Email Compromise: Practical Steps

🔒Business email compromise (BEC) is a high-impact social engineering threat that targets organizations' financial and identity workflows. The article outlines pragmatic defenses: enforce MFA, validate DMARC/DKIM/SPF, deploy advanced phishing and spoofing filters, and maintain continuous security awareness training with simulated attacks. It also recommends dual-approval for large transfers, stricter help-desk verification, and monitoring for anomalies such as mailbox forwarding rules, impossible-travel logins, and last-minute bank-detail changes to accelerate detection and response.
read more →

Recognizing Red Flags of Business Email Compromise

🔎 Business Email Compromise (BEC) exploits social engineering and subtle technical deception to manipulate employees and bypass controls. Attackers use domain tweaks, display-name spoofing, urgent off-hours requests, and impersonation to pressure finance, HR, or operations into transfers or data disclosure. Inspect headers and SPF/DKIM/DMARC, enforce MFA, run phishing simulations, and maintain a strict verification culture.
read more →

Device-Code Phishing Uses OAuth to Bypass Microsoft 365

🔐 Researchers at KnowBe4 discovered a campaign aimed at North American businesses that tricks employees into entering a “Secure Authorization” code on a legitimate Microsoft 365 login page. Unknown to victims, the code actually authorizes an attacker-controlled device through the OAuth 2.0 Device Authorization Grant, issuing access and refresh tokens that grant persistent access to Outlook, Teams, OneDrive and other services. Recommended mitigations include allowlisting OAuth apps, disabling device-code flow in Entra conditional access where feasible, auditing integrations, and ongoing employee awareness training.
read more →

Nigerian Hacker Sentenced to Eight Years for Tax Fraud

🔒 A Nigerian national, Matthew Abiodun Akande, was sentenced to eight years in prison after hacking multiple Massachusetts tax preparation firms and filing over 1,000 fraudulent tax returns seeking more than $8.1 million in refunds. Authorities say he stole clients' Social Security numbers and prior-year tax data by deploying the Warzone RAT masked with a crypter, and used convincing CEO-impersonation phishing messages with a Dropbox link to silently install malware. Akande was arrested in October 2024 at London’s Heathrow Airport, extradited to the U.S. in March 2025, and ordered to pay nearly $1.4 million in restitution plus three years of supervised release.
read more →

Operation DoppelBrand: Phishing Targets Major Firms

🔒 SOCRadar has uncovered a phishing campaign named Operation DoppelBrand that targeted Fortune 500 financial, insurance and technology firms between December 2025 and January 2026. The activity is attributed to financially motivated actor GS7 and relies on lookalike domains and cloned login portals to harvest credentials, which are forwarded to Telegram bots. Successful compromises often result in the deployment of legitimate remote access tools such as LogMeIn Resolve, delivered via MSI installers and supported by VBS loaders for privilege escalation and silent installation.
read more →

Spam and Phishing Trends and Schemes Observed in 2025

🔒 Kaspersky's anti-phishing systems blocked more than 554 million phishing-link attempts in 2025, while Mail Anti-Virus intercepted nearly 145 million malicious attachments and almost 45% of all email traffic was identified as spam. Scammers refined tactics across ticketing and streaming fraud, messaging-app account takeovers, government impersonation, and KYC harvesting, often using AI-generated content and deepfakes. Messaging platforms such as Telegram and WhatsApp were heavily abused to hijack accounts via phishing and malicious Mini Apps. Users are advised to check URLs carefully, never share verification codes, enable two-factor authentication, and run robust protection like Kaspersky solutions.
read more →

Fake Dubai Crown Prince Traced to Nigerian Mansion

🔎 A detailed investigation by OCCRP traced a romance scammer who impersonated the Crown Prince of Dubai and defrauded a Romanian businesswoman of more than US $2.5 million. Over two years the con combined thousands of messages, staged in-person meetings, and an elaborate fake banking site showing a phantom £200 million balance. Photographs and bank-trace evidence led reporters and UK police to identify intermediaries and to locate the suspect at a mansion in Abuja, Nigeria. The case underscores the sophistication and international reach of modern romance and investment scams.
read more →

Identities Targeted as Cybercriminals Shift Tactics Now

🔐 The Eye Security 2026 State of Incident Response Report finds that cyberattacks on companies are increasingly undetected and that attackers are shifting from technical exploitation to abusing existing access and credentials, with damage often occurring within minutes. The study reports passwords were involved in 97% of tracked incidents and that BEC accounted for over 70% of cases, with phishing initiating 40% of those intrusions. It also highlights the rise of Ransomware-as-a-Service, access broker marketplaces, and the commercialization of insider access, identifying industrial, construction, and transport firms as particularly affected based on 630 European incidents analyzed from 2023–2025.
read more →

PDF Phishing Campaign Targets Corporate Dropbox Credentials

🔒Forcepoint X-Labs has warned of a multi-stage phishing campaign that uses short, business-themed emails and PDF attachments to harvest corporate Dropbox credentials. The PDFs contain embedded AcroForm links that limit scanning by security tools and redirect victims to a legitimate cloud-hosted portal serving a spoofed login page. By leveraging reputable cloud infrastructure, the attackers reduce suspicion and bypass many automated reputation checks. Submitted credentials are exfiltrated to a Telegram channel, enabling account takeover and follow-on abuse.
read more →

Mandiant: ShinyHunters Exploit SSO and Vishing Campaigns

🔒 Mandiant reports a recent wave of ShinyHunters attacks that combine targeted vishing and company‑branded phishing sites to capture SSO credentials and MFA codes. Attackers impersonate IT or helpdesk staff, guide victims through MFA approval or one‑time passcodes in real time, and enroll attacker-controlled MFA devices. With access to Okta, Microsoft Entra, or Google SSO dashboards they pivot into SaaS platforms (Salesforce, Microsoft 365, SharePoint, DocuSign, Slack, Atlassian, Dropbox, Google Drive) to steal and extort cloud data.
read more →

NCA and NatWest Warn Businesses of Invoice Fraud Risks

⚠️ NatWest and the UK's National Crime Agency (NCA) have launched a joint awareness campaign to highlight rising invoice fraud affecting businesses, including BEC and payment redirection. The initiative warns that fraudsters impersonate suppliers, intercept emails and pressure victims into urgent payments that are then diverted. Guidance urges businesses to Check, Verify, Never transfer funds until payment details are independently confirmed. The campaign also stresses that Accounts Payable and Finance teams are frequent targets of these schemes.
read more →

Identities in Focus as Cybercriminals Shift Tactics Worldwide

🔐 The State of Incident Response Report 2026 from Eye Security finds cybercriminals increasingly exploiting legitimate credentials rather than breaking systems. Identity-based attacks now dominate, with 97% of incidents involving passwords and Business Email Compromise making up over 70% of cases. Ransomware remains a major threat as RaaS and access-broker marketplaces lower barriers. Analysis of 630 European incidents (2023–2025) shows many breaches begin with phishing, misconfigured internet-facing systems, or social engineering, and can go undetected for weeks.
read more →

Microsoft Flags Multi-Stage AitM Phishing in Energy Sector

🔒 Microsoft warns of a multi-stage adversary-in-the-middle (AitM) phishing and BEC campaign targeting the energy sector. The attackers abused SharePoint file-sharing and legitimate trusted addresses (a living-off-trusted-sites, LOTS, technique) to deliver credential-harvesting links, then used stolen session cookies and inbox rules to persist and hide activity. Microsoft says simple password resets are insufficient; organizations must revoke sessions, remove malicious rules, and enforce phishing-resistant controls.
read more →

Attackers Exploit Microsoft Teams to Phish Users Worldwide

📧 Attackers abused Microsoft Teams functionality to distribute phishing content that appears to come from legitimate services. They created guest invitations and finance-themed team names that mimic billing and subscription notices, prompting recipients to contact a fraudulent support phone number. The campaign sent 12,866 phishing messages (about 990 per day) and targeted 6,135 users. Recipients were encouraged to call attackers posing as support to resolve fake payment issues.
read more →

UK Executives Warn They May Not Survive Cyber Attacks

🔒 Vodafone Business polled 1,000 senior UK leaders and found 89% are more alert to cyber threats after high-profile breaches, yet 10% said their organisations would likely not survive a similar incident. The survey highlights poor preparedness — only 45% confirmed basic cyber-awareness training and staff commonly reuse passwords across personal accounts. Leaders also warned that AI-enabled deepfakes complicate detection and response. Policymakers and telcos have introduced a second Fraud Sector Charter to harden networks, verify SMS sender IDs, enable traceback for suspicious calls and improve threat sharing and victim support.
read more →

Resurgence of AiTM and BEC campaign abusing SharePoint

🔒 Microsoft Defender researchers uncovered a multi‑stage AiTM phishing and BEC campaign that abused SharePoint file‑sharing to deliver credential‑harvesting traps and maintain persistence by creating malicious inbox rules. Attackers used trusted vendor‑style lures and legitimate SharePoint redirects to capture session cookies or credentials, then expanded the campaign across energy sector organizations by sending more than 600 phishing messages from compromised accounts. Defender XDR and Office 365 detections exposed session cookie theft, replay attempts, and malicious inbox rules — remediation requires revoking session cookies, deleting attacker‑created inbox rules, and restoring MFA controls in addition to password resets.
read more →

Phishing, Spoofed Sites Top Cyber Risks for Milano 2026

🔒 Palo Alto Networks' assessment identifies phishing and spoofed websites as the primary initial access vectors for the Milano-Cortina 2026 Winter Games. Researchers highlight business email compromise (BEC) as central to these campaigns, noting 76% of observed phishing relied on BEC to exploit trust among staff, partners and suppliers. The report warns that ransomware groups, nation-state actors and hacktivists will target ticketing, payment systems and APIs, and it advises basic vigilance, supplier vetting and reputable purchasing to reduce consumer risk.
read more →

LinkedIn: Why Threat Actors Target Professionals Now

🔒 LinkedIn's vast professional network provides abundant intelligence that threat actors exploit to support spear-phishing, business email compromise and direct recruitment efforts. Profiles and connections help attackers craft highly credible lures, while messages sent within the platform can bypass corporate email controls. To reduce risk, users should limit public detail, enable MFA, maintain patched devices and complete targeted security awareness training focused on fake profiles and malicious DMs.
read more →