compromised email accounts to conduct unauthorized transfers of funds or to request sensitive personal or financial information. In some cases, the scammers impersonate high-ranking company officials, legal advisors, or vendors, creating a sense of urgency or authority to prompt hasty actions by the victims.
Several distinct types of BEC scams have been observed in the wild:
- Fake invoice schemes: This is where scammers pretend to be your suppliers. They send you fake invoices that look real, hoping you’ll just pay them without double-checking.
- CEO fraud: Here, the scammer poses as the big boss—maybe your CEO or another top executive. They send an email that seems to come from them, usually asking for an urgent money transfer.
- Attorney impersonation: In these scams, the fraudsters pretend to be lawyers or legal advisors, usually emailing you about something confidential or urgent that needs quick financial action.
- Data theft: By targeting HR or finance folks, data theft scams aim to get personal or financial info about employees or the company. Remember: it’s not always about money.
- Commodity theft: Last but not least, this type of BEC scam is a bit different because it focuses on physical goods. Basically, scammers order products or services using a compromised email account, often posing as a legitimate employee or business associate, but never paying for them.
The scam begins with the identification of potential targets. Scammers often focus on individuals within a company who have the authority to make financial transactions or access sensitive information. These targets are usually identified through public sources such as company websites
More info: How Desktop Virtualization works