"BEC Attacks: Scammers' Latest Tricks"

A survey by GreatHorn revealed that 71 percent of organizations experienced at least one Business Email Compromise (BEC) attack within the past year. New research from Trend Micro has suggested that scammers are increasing their efforts in the performance of BEC attacks. Threat researchers and analysts at Trend Micro observed that BEC attacks not only target high-profile users such as executives but also any employees that can be found on LinkedIn and other social media networks with potentially valuable personal information published. Such information can be used to impersonate employees and partners, and lead to significant financial damage to targeted businesses. BEC scams have been among the top lucrative cybercriminal schemes for many years as they are often difficult to detect. Since BEC scam emails target specific recipients, do not include malicious attachments or links, and usually start with harmless requests, it is difficult for email security solutions to detect them. One trick used by BEC scammers is to register domain names containing keywords associated with the telecommunications industry and service provider names. Another trick employed by BEC scammers is to register domains with long names, common keywords, and new generic top-level domain (TLD) words. This article continues to discuss the difficulty in detecting BEC attacks and the latest tricks used by BEC scammers. 

Help Net Security reports "BEC Attacks: Scammers' Latest Tricks"