Business email compromise or impersonation attacks overall rose during the second quarter of 2019 by 25 percent, with some types of attacks becoming more common and better executed.

During this period FireEye has noted attackers are increasingly impersonating executives and attempting to involve a company’s supply chain vendors as part of the attack to make it appear as if the malicious email is a legitimate request. These tactics have been honed to a point where they are easily convincing employees to take the bait.

Some of the steps being taken have been used in the past, such as spoofing the return address, but FireEye found the attackers are doing more research on their victim to better tailor the attack.

Source: FireEye

This includes creating a greeting aimed at a specific recipient at the targeted company and using a doctored version of a real company invoice that is then attached to the email. To place more pressure on the employee, the email is marked urgent, and to cap it off, a signature purportedly from the company exec is added that includes name, phone number, email and address, all of which are real.

Despite the increased believability being built into these scams, there are methods that make them detectable. Worker education remains the first line of defense, with employees being taught to double check with the person supposedly asking for the payment before completing the transaction. Implementing social graph impersonation filtering and improved identification of suspicious email activity can also be used with a high level of success.
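The signals described above (an executive's name on an unfamiliar address, a redirected return address, and an urgent marking) can be checked from message headers alone. The following is an added example, not code from FireEye or the original article; it is a simplified header heuristic rather than a social graph filter, and the executive directory, domains and sample messages are constructed assumptions.

```python
from email import message_from_string
from email.utils import parseaddr

# Assumed directory of executives and their real addresses (constructed).
EXECUTIVES = {"jane doe": "jane.doe@example.com"}
URGENT_WORDS = ("urgent", "immediately", "asap")

def domain(addr):
    """Return the lower-cased domain part of an address, or '' if absent."""
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""

def bec_signals(raw):
    """Return the list of impersonation signals found in one raw message."""
    msg = message_from_string(raw)
    name, from_addr = parseaddr(msg.get("From", ""))
    _, reply_addr = parseaddr(msg.get("Reply-To", ""))
    signals = []
    # Display name matches an executive, but the address is not theirs.
    known = EXECUTIVES.get(" ".join(name.lower().split()))
    if known and from_addr.lower() != known:
        signals.append("exec_display_name_mismatch")
    # Replies are steered to a different domain than the visible sender.
    if reply_addr and domain(reply_addr) != domain(from_addr):
        signals.append("reply_to_domain_differs")
    # Message is flagged or worded as urgent.
    subject = msg.get("Subject", "").lower()
    flagged = (msg.get("Importance", "").lower() == "high"
               or msg.get("X-Priority", "").strip().startswith("1"))
    if flagged or any(w in subject for w in URGENT_WORDS):
        signals.append("urgency_marker")
    return signals

# Constructed sample messages for illustration.
SUSPICIOUS = (
    'From: "Jane Doe" <ceo@mail-example.test>\n'
    "Reply-To: jane.doe.office@freemail.test\n"
    "Subject: URGENT: invoice payment needed today\n"
    "Importance: high\n\n"
    "Please process the attached invoice.\n"
)
LEGITIMATE = (
    'From: "Jane Doe" <jane.doe@example.com>\n'
    "Subject: Q2 planning notes\n\n"
    "Notes attached.\n"
)

if __name__ == "__main__":
    for label, raw in (("suspicious", SUSPICIOUS), ("legitimate", LEGITIMATE)):
        print(label, bec_signals(raw))
```

A message that trips several signals at once is a candidate for the out-of-band confirmation step described above, not an automatic verdict.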