This is an archive article published on October 6, 2022

In new phishing scam, attackers pretend to be your boss: Report

Cybersecurity researchers have uncovered a new phishing scam where malicious actors pretend to be victims' bosses to get them to send funds to accounts controlled by the scammers.

The scammers forward email chains to victims in an attempt to appear legitimate and ask them to pay for fake invoices. (Image credit: Pixabay)

Cybersecurity researchers have discovered a new business email compromise (BEC) phishing scam in which malicious actors send emails to corporate employees pretending to be their boss in order to get them to send funds. As reported by ZDNET, this advanced BEC campaign forwards email threads to victims, tricking them into thinking that it is an ongoing conversation with their boss. The attackers then ask the victim to make a payment or deal with an invoice, and the money is sent to an account run by the attacker. These attacks are often personalised and use email spoofing to make the message appear legitimate.

“Like all BEC attacks, the reason traditional email defences have a difficult time detecting them is because they don’t contain any of the static indicators most defences look out for, like malicious links or attachments. Most BEC attacks are nothing more than pure, text-based social engineering that traditional email defences are not well-equipped to detect,” said Crane Hassold, director of threat intelligence at Abnormal Security, to ZDNET. Abnormal Security is the cybersecurity firm that discovered the phishing scam.

The attackers reportedly use an invoice request that makes it look like the money is being paid to a client or a partner business in an effort to make the victim follow the instructions without asking questions or alerting someone. According to Abnormal Security’s analysis, this campaign has been active since July 2022 and is potentially the work of a threat group called Cobalt Terrapin, which operates out of Turkey.


Such BEC campaigns are harder for companies to defend against because they rely on social engineering rather than on malware that threat detection software could flag.

One way for companies to defend themselves against such BEC attacks is to train staff to recognise scam emails. For example, such emails often contain unusually urgent requests designed to deny the victim time to think before acting. Staff should also be asked to verify any suspicious request through another channel, such as a phone call to the supposed sender, before acting on it.
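The signals the article describes (a boss's name on an address that is not the boss's mailbox, a forwarded thread, an invoice or payment request, urgency language) can be stacked into a simple triage check that flags a message for out-of-band verification. This is an added example written for this page, not code from Abnormal Security or the report; the executive directory, domains and sample messages are constructed, and only plain-text, single-part messages are handled.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Hypothetical executive directory: display name -> the executive's real mailbox.
EXECS = {"jane doe": "jane.doe@example-corp.com"}
URGENCY = re.compile(r"\b(urgent|asap|immediately|today|right away|before (?:end of day|eod))\b", re.I)
PAYMENT = re.compile(r"\b(invoice|wire|payment|transfer|bank details|account number)\b", re.I)
FORWARDED = re.compile(r"^(?:fwd?|fw):|-{3,} ?forwarded message", re.I | re.M)

def bec_indicators(raw: str) -> list[str]:
    """Return the BEC heuristics a plain-text (non-multipart) message trips."""
    msg = message_from_string(raw)
    hits = []
    display, addr = parseaddr(msg.get("From", ""))
    # Core impersonation signal: a known boss's display name on some other address.
    real = EXECS.get(display.strip().lower())
    if real and addr.lower() != real:
        hits.append("executive name on unexpected address")
    reply_to = parseaddr(msg.get("Reply-To", ""))[1]  # replies silently redirected
    if reply_to and reply_to.lower() != addr.lower():
        hits.append("reply-to differs from sender")
    text = msg.get("Subject", "") + "\n" + ("" if msg.is_multipart() else msg.get_payload())
    if FORWARDED.search(text):
        hits.append("forwarded thread")
    if PAYMENT.search(text):
        hits.append("payment or invoice request")
    if URGENCY.search(text):
        hits.append("urgency language")
    return hits

def is_suspicious(raw: str, threshold: int = 3) -> bool:
    """Flag for manual verification when several weak signals stack up."""
    return len(bec_indicators(raw)) >= threshold

# Constructed sample messages (not taken from the report).
SUSPICIOUS = """\
From: Jane Doe <jane.doe@examp1e-corp.com>
Reply-To: jane.doe.ceo@freemail.example
Subject: FW: Invoice 4471 - urgent

---------- Forwarded message ----------
Please wire the attached invoice today, it must clear before EOD.
"""
BENIGN = """\
From: Jane Doe <jane.doe@example-corp.com>
Subject: Lunch on Friday

Are we still on for the team lunch?
"""
```

A hit list rather than a bare score lets an analyst see which signals fired; a real deployment would add the usual SPF/DKIM/DMARC results and sender history as further inputs.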
