This was just one example detected by SecureWorks, which has been studying the business email compromise, or BEC, trend and issued a new report. The increasingly common form of social engineering attack sends phony emails that appear to come from a legitimate source and target individuals who are duped into authorizing transfers of funds.
In this case, the perps were a 30-member group that SecureWorks dubbed Wire-Wire Group 1 (WWG1), an escalation of the "Nigerian prince" and "419" con man scams.
"The threat actors added a rule to the employee's email to redirect all future email from the U.S. company to the attacker's email account," the report found.
Campaigns like this one are raking in $6 million annually. In April, the FBI said nearly 18,000 victims had reported BEC scams in the past three years, resulting in the loss of $2.3 billion.