Vendor Email Compromise (VEC): The Classic BEC Scheme with a Spin

A new email fraud scheme has taken Business Email Compromise (BEC) to a whole new level of sophistication. This recently discovered type of email scam has been dubbed Vendor Email Compromise (VEC) and, as its name suggests, the attackers prey on employees working at vendor companies.


A new cybercriminal group, identified as Silent Starling by researchers at Agari, ran these malicious email campaigns. The fraudsters hacked the email accounts of employees working in the target’s finance department and gathered as much information as they could from their inboxes. In the end, the scammers sent them perfectly timed payment requests accompanied by fake invoices.  


Since late 2018, over 700 employee accounts from more than 500 companies in the United States and over a dozen other countries have been compromised. Consequently, more than 20,000 sensitive emails have been harvested. 

Traditionally, a BEC attack is based on what is commonly referred to as CEO fraud: the impersonation of an upper- or middle-management employee. In this case, fraudsters contact their "colleagues" in the finance department, requesting an urgent payment and providing all the details needed for the money to be transferred. Because the email appears to come from a superior and the message conveys a sense of urgency, employees are likely to fall for the scam, completely unaware that the money will end up in a cybercriminal's account.


And now, through this social engineering tactic, impostors are targeting a new niche: vendors.  


More precisely, scammers are preying on employees working in a vendor’s finance department, with the ultimate goal of gathering intelligence on customers they interact ..
