
All news with #business email compromise tag

105 articles · page 4 of 6

SEC Charges Firms Over Alleged $14M AI-Themed Crypto Scam

⚖️ The U.S. Securities and Exchange Commission has filed charges alleging an elaborate cryptocurrency fraud that stole more than $14 million from retail investors. The complaint names trading platforms Morocoin Tech, Berge Blockchain, and Cirkor and investment clubs that lured victims with fake AI-generated investment tips on WhatsApp. Investors were steered into bogus Security Token Offerings and fake trading platforms that later froze accounts and demanded advance fees. The SEC is seeking injunctions, civil penalties, and repayment with prejudgment interest.

Interpol Operation Sentinel Disrupts Cybercrime in Africa

🔍 Interpol’s month-long Operation Sentinel targeted cybercriminal infrastructure across 19 African countries, producing 574 arrests, the decryption of six ransomware strains, and the takedown of roughly 6,000 malicious links. The sweep also uncovered a business email compromise (BEC) scheme that nearly cost a petroleum company $7.9 million and helped recover about $3 million. National law enforcement teams in Ghana, Benin and Cameroon executed targeted takedowns, recovered terabytes of data, and seized devices and servers with assistance from private cybersecurity organizations.

INTERPOL Nets 574 Arrests Across Africa, Ransomware Case

🛡️ INTERPOL coordinated Operation Sentinel between Oct. 27 and Nov. 27, 2025, recovering $3 million and prompting the arrest of 574 suspects across 19 African countries. The campaign targeted business email compromise, digital extortion and ransomware, taking down over 6,000 malicious links and decrypting six ransomware variants. Authorities disrupted fraud rings that stole more than $400,000 and seized devices and servers. Separately, a Ukrainian national pleaded guilty for his role as a Nefilim ransomware affiliate.

Interpol Operation Sentinel Leads to 574 Arrests in Africa

🔍 Operation Sentinel, coordinated by Interpol, resulted in 574 arrests across Africa during the month-long campaign from 27 October to 27 November. Authorities recovered $3m in alleged cybercrime proceeds, decrypted six ransomware variants and removed around 6,000 malicious links and domains. Key interventions included halting a $7.9m fraudulent wire transfer in Senegal and recovering 30TB of data encrypted in an attack on a Ghanaian financial institution. The operation involved national forces and industry partners such as Team Cymru and Trend Micro.

Scripted Sparrow Sends Millions of Targeted BEC Emails

📧 Fortra researchers have identified a global business email compromise (BEC) collective dubbed Scripted Sparrow that is sending an estimated 4–6 million highly tailored messages each month. The group poses as executive coaching and leadership consultancies, registering numerous domains and webmail addresses while sending spoofed reply chains with fake invoices and W‑9 forms to Accounts Payable teams. Fortra urges organisations to enforce strict payment approval protocols, verify requests via official channels and never trust embedded reply chains.

Nigeria Arrests RaccoonO365 Developer Behind PhaaS

🔒 Authorities in Nigeria arrested three alleged internet fraud suspects, including the principal developer of the RaccoonO365 phishing-as-a-service toolkit, following a joint investigation with Microsoft and the FBI. Investigators say the suspect operated a Telegram channel selling phishing links for cryptocurrency, hosted fraudulent Cloudflare portals, and used stolen or fraudulently obtained credentials to harvest Microsoft 365 logins. Laptops, mobile devices, and other evidence were seized during searches.

OAuth Device Code Phishing Surges, Targeting Microsoft 365

🔐 Proofpoint has observed a sharp increase in phishing campaigns that abuse Microsoft's OAuth device code authorization flow to gain access to Microsoft 365 accounts. Attackers use social engineering — QR codes, embedded buttons and hyperlinks — to trick users into entering device codes on Microsoft's legitimate verification page, which yields valid access tokens. Readily available tools such as SquarePhish2 and Graphish have lowered the bar for both state-aligned and financially motivated actors.

European Authorities Dismantle Ukrainian Call-Center Scam

🚨 European and Ukrainian authorities dismantled a large fraud ring operating call centers in Dnipro, Ivano-Frankivsk and Kyiv, arresting 12 suspects and seizing vehicles, weapons, a polygraph machine, computers, cash, and forged IDs after 72 coordinated searches on December 9. The network, which employed about 100 people from across Europe, scammed over 400 victims and stole more than €10 million using impersonation, remote-access tools and in-person cash pickups. The multi-country operation was led by investigators from the Czech Republic, Latvia, Lithuania and Ukraine with support from Eurojust.

2025 Phishing Trends: Omni-channel Attacks and PhaaS

🔒 2025 saw substantial attacker innovation in phishing, with identity-focused techniques becoming more effective and pervasive. Phishing moved beyond email into omni-channel vectors such as LinkedIn DMs, malicious search results, compromised sites and malvertising, which evade traditional email defenses. Criminal PhaaS kits (Tycoon, Sneaky2FA, Evilginx variants and others) commoditized AiTM and MFA-bypass capabilities. Security teams are urged to expand detection into the browser and close visibility gaps with browser-based response.

PayPal Subscriptions Abused to Send Fake Purchase Emails

⚠️ BleepingComputer warns that attackers are abusing PayPal's Subscriptions feature to send legitimate-looking emails from service@paypal.com that include fake purchase notifications embedded in the Customer Service URL field. The messages pass DKIM/SPF and originate from PayPal mail servers, but include manipulated metadata or API-supplied text and obfuscated Unicode to evade filters. Recipients are advised to ignore the phone number in such emails and verify charges directly in their PayPal account.

Whaling attacks against executives: risks and mitigation

🎯 Whaling attacks are highly targeted social engineering campaigns aimed at senior executives that combine reconnaissance, spoofing, and urgency to trick leaders into divulging credentials, approving transfers, or executing malware-laden actions. Threat actors exploit executives’ visibility, limited time, and privileged access, and increasingly leverage generative AI and deepfakes to scale and refine impersonations. Key defenses include personalised executive simulations, strict multi-party approval flows for high-value transfers, AI-enhanced email filtering, deepfake detection, and a Zero Trust approach to access.

Momberger Alerts Customers of Fraudulent Invoice Emails

🔔 Momberger – Lack & Technik warns customers of a targeted email fraud campaign that began on December 1. The company says unauthorized access to an email account was used to send forged messages requesting payment of fictitious invoices; only existing customer addresses were targeted. Momberger urges recipients not to pay or to open links or attachments, and says systems have been secured while additional protections and authorities are involved.

Fortinet Named Challenger in Gartner Email Security MQ

📧 Fortinet was named a Challenger in the 2025 Gartner Magic Quadrant for Email Security, reflecting continued progress across its email protection portfolio. FortiMail Email Security and FortiMail Workspace Security combine AI-native detection, sandboxing, DMARC, enhanced BEC and account takeover defenses, and flexible on-premises and cloud deployment options. The company positions this suite as a cost-effective, integrated alternative that also extends protection to web browsers, cloud storage, and collaboration apps.

AI Phishing Factories: Tools Fueling Modern BEC Attacks

🔒 Today's low-cost AI services have industrialized cybercrime, enabling novice actors to produce highly convincing BEC and phishing content at scale. Tools such as WormGPT, FraudGPT, and SpamGPT remove traditional barriers by generating personalized messages, exploit code, and automated delivery that evade static filters. Defensive detection alone is insufficient when signatures continually mutate; organizations must protect identity and neutralize credential exposure. Join the webinar to learn targeted signatures and access-point controls to stop attacks even after a click.

Fake Calendly Invites Spoof Brands to Hijack Ad Accounts

📅 A targeted phishing campaign uses fake Calendly meeting invitations impersonating recruiters from major brands to harvest Google Workspace and Facebook Business credentials. The lures are professionally crafted—likely produced with AI—and direct victims through a CAPTCHA to an AiTM credential‑harvesting flow capable of bypassing some 2FA protections. Compromised ad manager accounts are then leveraged for malvertising, geo‑targeted attacks, device‑specific campaigns, or resale on illicit markets.

Oversharing Risks: Employees Posting Too Much Online

🔒 Professionals routinely share work-related details on platforms such as LinkedIn, GitHub and consumer networks like Instagram and X, creating a public intelligence trove that attackers readily exploit. Job titles, project names, vendor relationships, commit metadata and travel plans are commonly weaponised into spearphishing, BEC and deepfake-enabled schemes. Organisations should emphasise security awareness, implement clear social media policies, enforce MFA and password managers, actively monitor public accounts and run red-team exercises to validate controls.

Microsoft Teams guest chat exposes cross-tenant blind spot

🔒 Security researchers warn that a cross-tenant collaboration design in Microsoft Teams can cause a user's Defender for Office 365 protections to be dropped when they accept a guest invitation and join another tenant. The default-enabled feature MC1182004 (chat with any email) lowers the bar for attackers to spin up hostile tenants and deliver links or files that bypass URL scanning, Safe Links, file sandboxing and zero-hour auto purge. Administrators are advised to treat guest access as a trust boundary: restrict B2B invites to vetted domains, enforce Entra ID cross-tenant policies, and disable the 'chat with Anyone' capability where appropriate.

Tycoon 2FA Kit Exposes Global Collapse of Legacy MFA

🔐 The Tycoon 2FA phishing kit is a turnkey, scalable Phishing-as-a-Service that automates real-time credential and MFA relay attacks against Microsoft 365 and Gmail. It provisions fake login pages and reverse proxies, intercepts usernames, passwords and session cookies, then proxies the MFA flow so victims unknowingly authenticate attackers. The kit includes obfuscation, compression, bot-filtering, CAPTCHA and debugger checks to evade detection and only reveals full behavior to human targets. Organizations are urged to adopt FIDO2-based, hardware-backed biometric and domain-bound authentication to prevent such relay attacks.

Quantum Route Redirect PhaaS Exploits Microsoft 365 Users

📧 KnowBe4 researchers have identified a phishing automation kit named Quantum Route Redirect (QRR) that uses roughly 1,000 domains to harvest Microsoft 365 credentials. The platform is preconfigured with common lures—DocuSign requests, payment notifications, missed voicemail notices and QR prompts—and typically hosts landing pages on parked or compromised legitimate domains to aid social engineering and evade detection. QRR includes a built-in filter that distinguishes humans from bots and security scanners, redirecting genuine users to credential-harvesting pages while sending automated systems to benign sites. Most observed attacks target U.S. users, and defenders are urged to deploy robust URL filtering and continuous account monitoring.

Email Blackmail and Scams: Regional Trends and Defenses

🔒 Most email blackmail attempts are mass scams that exploit leaked personal data and fear to extort cryptocurrency from victims. The article outlines common themes — fake device hacks, sextortion, and even fabricated death threats — and describes regional campaigns where attackers impersonate law enforcement in Europe and CIS states. It highlights detection signs and practical defenses, urging verification, use of reliable security solutions, and reporting threats through official channels.