All news with #business email compromise tag

🔒 ReliaQuest reports threat actors increasingly abusing the HTTP client Axios alongside Microsoft's Direct Send to create a highly efficient phishing pipeline that intercepts and replays authentication flows. Campaigns beginning in July 2025 targeted executives in finance, healthcare, and manufacturing and expanded to all users, achieving up to a 70% success rate when pairing Axios with Direct Send. Attackers also use PDF lures with malicious QR codes, Google Firebase hosting, and advanced MFA-bypass kits such as Salty2FA to simulate multiple 2FA methods and steal credentials.

🔍 ReliaQuest reports a sharp rise in automated phishing campaigns leveraging the Axios user agent and Microsoft's Direct Send feature, observing a 241% increase between June and August 2025. Attacks using Axios represented 24% of malicious user-agent activity and had a 58% success rate versus 9% for other incidents. When paired with Direct Send, success rose to 70%, prompting guidance to restrict Direct Send, enforce anti-spoofing, scan inbound messages for QR codes/URLs/PDFs, train users including executives, and block uncommon TLDs.

⚠️ The FBI and its Internet Crime Complaint Center (IC3) warn that seniors are being targeted by a three‑phase “Phantom Hacker” scam that combines tech‑support, financial‑institution, and U.S. government impersonations to extract life savings. Scammers typically gain trust by convincing victims to grant remote access, then prompt transfers via wire, cash, or cryptocurrency to purportedly secure accounts. The IC3 reports substantial losses—an average of US $83,000 per victim—and urges people not to allow remote access, download unsolicited software, or transfer funds at the request of unknown callers.

🔒 David Stone and Marina Kaganovich from Google Cloud’s Office of the CISO warn that cyber-enabled fraud (CEF) is scaling rapidly and presents severe financial and reputational risk. The post cites FBI data — $13.7 billion in losses in 2024 — and highlights common tactics such as phishing, ransomware, account takeover, and business email compromise. It urges CISOs and boards to shift from siloed defenses to a proactive, enterprise-wide posture using frameworks like FS-ISAC’s Cyber Fraud Prevention Framework and Google Cloud detection and protection capabilities.

📧 A targeted phishing campaign compromised an aviation executive’s Microsoft 365 credentials, allowing attackers to mine past invoice conversations and send convincing fake invoice requests to customers. Within hours the fraudsters registered a near‑identical domain and at least one customer paid a six‑figure phony invoice. Investigation links the registration details to a long‑running Nigerian BEC ring identified as SilverTerrier; firms are urged to combine employee training, domain monitoring and rapid use of the Financial Fraud Kill Chain to improve recovery chances.