10-03-2019, 09:21 PM
Quote: Email scammers are getting more sophisticated, with one gang showing particularly advanced tactics for stealing from organisations across the world by using stealth, persistence and social engineering to trick firms into paying invoices for legitimate services.
The attacks are different to standard Business Email Compromise (BEC) attacks because rather than using a fake request for a money transfer apparently ordered by a CEO or CFO, this campaign is based around supply chains, espionage and research, with the attackers only cashing in once they're convinced they can successfully dupe the victim by injecting themselves into a legitimate email thread about finance.
This kind of approach makes the attacks very difficult to detect – and often victims will only know they've been scammed when a vendor asks why a payment wasn't received.
Researchers at Agari have named this type of attack 'vendor email compromise' and have linked campaigns using it to a cyber-criminal gang operating out of Nigeria.
Dubbed Silent Starling, the group is believed to have been active since at least 2015, starting out with romance scams and check fraud, before turning to business email compromise with a focus on wire transfer requests and gift card scams.