< ciso
brief />
Tag Banner

All news with #business email compromise tag

118 articles · page 5 of 6

European Authorities Dismantle Ukrainian Call-Center Scam

🚨 European and Ukrainian authorities dismantled a large fraud ring operating call centers in Dnipro, Ivano-Frankivsk and Kyiv, arresting 12 suspects and seizing vehicles, weapons, a polygraph machine, computers, cash, and forged IDs after 72 coordinated searches on December 9. The network, which employed about 100 people from across Europe, scammed over 400 victims and stole more than €10 million using impersonation, remote-access tools and in-person cash pickups. The multi-country operation was led by investigators from the Czech Republic, Latvia, Lithuania and Ukraine with support from Eurojust.
read more →

2025 Phishing Trends: Omni-channel Attacks and PhaaS

🔒2025 saw substantial attacker innovation in phishing, with identity-focused techniques becoming more effective and pervasive. Phishing moved beyond email into omni-channel vectors such as LinkedIn DMs, malicious search results, compromised sites and malvertising, which evade traditional email defenses. Criminal PhaaS kits (Tycoon, Sneaky2FA, Evilginx variants and others) commoditized AiTM and MFA-bypass capabilities. Security teams are urged to expand detection into the browser and close visibility gaps with browser-based response.
read more →

PayPal Subscriptions Abused to Send Fake Purchase Emails

⚠️ BleepingComputer warns that attackers are abusing PayPal's Subscriptions feature to send legitimate-looking emails from service@paypal.com that include fake purchase notifications embedded in the Customer Service URL field. The messages pass DKIM/SPF and originate from PayPal mail servers, but include manipulated metadata or API-supplied text and obfuscated Unicode to evade filters. Recipients are advised to ignore the phone number in such emails and verify charges directly in their PayPal account.
read more →

Whaling attacks against executives: risks and mitigation

🎯 Whaling attacks are highly targeted social engineering campaigns aimed at senior executives that combine reconnaissance, spoofing, and urgency to trick leaders into divulging credentials, approving transfers, or executing malware-laden actions. Threat actors exploit executives’ visibility, limited time, and privileged access, and increasingly leverage generative AI and deepfakes to scale and refine impersonations. Key defenses include personalised executive simulations, strict multi-party approval flows for high-value transfers, AI-enhanced email filtering, deepfake detection, and a Zero Trust approach to access.
read more →

Momberger Alerts Customers of Fraudulent Invoice Emails

🔔 Momberger – Lack & Technik warns customers of a targeted email fraud campaign that began on December 1. The company says unauthorized access to an email account was used to send forged messages requesting payment of fictitious invoices; only existing customer addresses were targeted. Momberger urges recipients not to pay, open links, or attachments, and says systems have been secured while additional protections and authorities are involved.
read more →

Fortinet Named Challenger in Gartner Email Security MQ

📧 Fortinet was named a Challenger in the 2025 Gartner Magic Quadrant for Email Security, reflecting continued progress across its email protection portfolio. FortiMail Email Security and FortiMail Workspace Security combine AI-native detection, sandboxing, DMARC, enhanced BEC and account takeover defenses, and flexible on-premises and cloud deployment options. The company positions this suite as a cost-effective, integrated alternative that also extends protection to web browsers, cloud storage, and collaboration apps.
read more →

AI Phishing Factories: Tools Fueling Modern BEC Attacks

🔒 Today's low-cost AI services have industrialized cybercrime, enabling novice actors to produce highly convincing BEC and phishing content at scale. Tools such as WormGPT, FraudGPT, and SpamGPT remove traditional barriers by generating personalized messages, exploit code, and automated delivery that evade static filters. Defensive detection alone is insufficient when signatures continually mutate; organizations must protect identity and neutralize credential exposure. Join the webinar to learn targeted signatures and access-point controls to stop attacks even after a click.
read more →

Fake Calendly Invites Spoof Brands to Hijack Ad Accounts

📅 A targeted phishing campaign uses fake Calendly meeting invitations impersonating recruiters from major brands to harvest Google Workspace and Facebook Business credentials. The lures are professionally crafted—likely produced with AI—and direct victims through a CAPTCHA to an AiTM credential‑harvesting flow capable of bypassing some 2FA protections. Compromised ad manager accounts are then leveraged for malvertising, geo‑targeted attacks, device‑specific campaigns, or resale on illicit markets.
read more →

Oversharing Risks: Employees Posting Too Much Online

🔒 Professionals routinely share work-related details on platforms such as LinkedIn, GitHub and consumer networks like Instagram and X, creating a public intelligence trove that attackers readily exploit. Job titles, project names, vendor relationships, commit metadata and travel plans are commonly weaponised into spearphishing, BEC and deepfake-enabled schemes. Organisations should emphasise security awareness, implement clear social media policies, enforce MFA and password managers, actively monitor public accounts and run red-team exercises to validate controls.
read more →

Microsoft Teams guest chat exposes cross-tenant blind spot

🔒 Security researchers warn that a cross-tenant collaboration design in Microsoft Teams can cause a user's Defender for Office 365 protections to be dropped when they accept a guest invitation and join another tenant. The default-enabled feature MC1182004 (chat with any email) lowers the bar for attackers to spin up hostile tenants and deliver links or files that bypass URL scanning, Safe Links, file sandboxing and zero-hour auto purge. Administrators are advised to treat guest access as a trust boundary: restrict B2B invites to vetted domains, enforce Entra ID cross-tenant policies, and disable the 'chat with Anyone' capability where appropriate.
read more →

Tycoon 2FA Kit Exposes Global Collapse of Legacy MFA

🔐 The Tycoon 2FA phishing kit is a turnkey, scalable Phishing-as-a-Service that automates real-time credential and MFA relay attacks against Microsoft 365 and Gmail. It provisions fake login pages and reverse proxies, intercepts usernames, passwords and session cookies, then proxies the MFA flow so victims unknowingly authenticate attackers. The kit includes obfuscation, compression, bot-filtering, CAPTCHA and debugger checks to evade detection and only reveals full behavior to human targets. Organizations are urged to adopt FIDO2-based, hardware-backed biometric and domain-bound authentication to prevent such relay attacks.
read more →

Quantum Route Redirect PhaaS Exploits Microsoft 365 Users

📧 KnowBe4 researchers have identified a phishing automation kit named Quantum Route Redirect (QRR) that uses roughly 1,000 domains to harvest Microsoft 365 credentials. The platform is preconfigured with common lures—DocuSign requests, payment notifications, missed voicemail notices and QR prompts—and typically hosts landing pages on parked or compromised legitimate domains to aid social engineering and evade detection. QRR includes a built-in filter that distinguishes humans from bots and security scanners, redirecting genuine users to credential-harvesting pages while sending automated systems to benign sites. Most observed attacks target U.S. users, and defenders are urged to deploy robust URL filtering and continuous account monitoring.
read more →

Email Blackmail and Scams: Regional Trends and Defenses

🔒 Most email blackmail attempts are mass scams that exploit leaked personal data and fear to extort cryptocurrency from victims. The article outlines common themes — fake device hacks, sextortion, and even fabricated death threats — and describes regional campaigns where attackers impersonate law enforcement in Europe and CIS states. It highlights detection signs and practical defenses, urging verification, use of reliable security solutions, and reporting threats through official channels.
read more →

Google Adds Maps Form to Report Review Extortion Scams

📍 Google has introduced a dedicated form for businesses on Google Maps to report extortion attempts where threat actors post inauthentic negative reviews and demand payment to remove them. The move targets review bombing schemes that flood profiles with fake one-star reviews and then coerce owners, often via third-party messaging apps. Google also highlighted related threats — from job and AI impersonation scams to malicious VPN apps and fraud recovery cons — and advised practical precautions for affected merchants and users.
read more →

Cybercriminals Increasingly Target Online Payroll Systems

🔒 Microsoft warns of an emerging scam targeting online payroll systems, in which attackers use social engineering to steal employee and administrator credentials. Those credentials are abused to reroute direct deposits into attacker-controlled accounts, and fraudsters may take extra steps such as changing contact details or suppressing notifications to delay detection. The advisory highlights how moving payroll online creates new avenues for account takeover and financial fraud, and urges employers and vendors to strengthen authentication, monitoring, and verification processes.
read more →

Microsoft Teams Vulnerabilities Expose Trust Abuse Today

🔒 Check Point Research identified multiple vulnerabilities in Microsoft Teams that could let attackers impersonate executives, manipulate message content, and spoof in-app notifications. The flaws exploit trust mechanisms built into real-time collaboration features used by more than 320 million monthly active users, turning expectations of authenticity into an attack vector. Researchers emphasize that trust alone isn’t a security strategy and urge rapid remediation by vendors and mitigations by organizations. Administrators should prioritize updates, review messaging policies, and increase user awareness to reduce exposure.
read more →

Large-Scale AWS Credential Abuse and SES Exploitation

🔐 Identity compromise is driving large-scale AWS abuse, with attackers leveraging stolen access keys to test accounts and weaponize Amazon SES for Business Email Compromise and invoice fraud. FortiGuard Labs attributes the reconnaissance layer to a campaign named TruffleNet that uses TruffleHog and automated AWS CLI/Boto3 requests to validate credentials and probe SES quotas. Fortinet recommends continuous monitoring, least-privilege access, MFA, and integrated detection via FortiCNAPP and related controls to detect and block these activities.
read more →

LinkedIn Phishing Targets Finance Executives With Fake Board

🔒 Hackers are exploiting LinkedIn direct messages to phish finance executives with messages claiming to invite recipients to an executive board and leading to credential-harvesting pages. Push Security says victims are redirected — including via a Google open redirect — to a Firebase-hosted 'LinkedIn Cloud Share' page that urges users to click a 'View with Microsoft' button. That flow then presents a Cloudflare Turnstile and a fake Microsoft sign-in used as an adversary-in-the-middle to capture credentials and session cookies; organizations should verify senders, avoid unsolicited links, and enforce MFA and conditional access.
read more →

Fake LastPass inheritance emails used to steal vaults

🔒 LastPass warns customers of a sophisticated phishing campaign that uses fake inheritance emails claiming a family member uploaded a death certificate to request emergency access to a user's vault. The messages include an agent ID and a link that redirects victims to a fraudulent page on lastpassrecovery[.]com where the victim is prompted to enter their master password. In some incidents attackers also called victims while posing as LastPass staff. The campaign, active since mid‑October and attributed to financially motivated group CryptoChameleon (UNC5356), has expanded to target passkeys as well.
read more →

Reducing Abuse of Microsoft 365 Exchange Online Direct Send

🛡️ Cisco Talos warns that Microsoft 365 Exchange Online’s Direct Send feature, intended for legacy devices and line‑of‑business appliances, is being abused to bypass standard authentication and content inspection. Attackers are leveraging these unauthenticated SMTP flows in phishing and BEC campaigns by impersonating internal users and embedding obfuscated lures such as QR codes and empty‑body messages. Talos recommends a phased approach — inventorying dependencies, migrating devices to authenticated SMTP or partner connectors, and validating mailflows before enabling RejectDirectSend — to reduce risk without disrupting critical workflows.
read more →