"'BEC 3.0' Is Here With Tax-Season QuickBooks Cyberattacks"

Cybercriminals are targeting victims with well-crafted phishing attacks from QuickBooks online accounts to steal credentials. According to researchers from Avanan, the scheme is at a level of legitimacy and social engineering that suggests new Business Email Compromise (BEC) efforts. As the security and detection for BEC attacks are strengthened, cybercriminals are switching to even more evasive tactics, as demonstrated by the attacks. Avanan researchers refer to this evolution of attacks as "BEC 3.0." Researchers report that threat actors are now registering for free accounts for legitimate services and then targeting victims from those services using email addresses at domains that traditional scanning tools will not detect. This article continues to discuss BEC 3.0 attacks involving QuickBooks online accounts.

Dark Reading reports "'BEC 3.0' Is Here With Tax-Season QuickBooks Cyberattacks"