New Vendor Email Compromise Attack Seeks $36 Million

April 8, 2023

The new season is a great reason to make and keep resolutions. Whether it’s eating right or cleaning out the garage, here are some tips for making and keeping resolutions.

The details in this thwarted VEC attack demonstrate how the use of just a few key details can both establish credibility and indicate the entire thing is a scam.

It’s not every day you hear about a purely social engineering-based scam taking place that is looking to run away with tens of millions of dollars. But, according to security researchers at Abnormal Security, cybercriminals are becoming brazen and are taking their shots at very large prizes.


This attack begins with a case of VEC – where a domain is impersonated. In the case of this attack, the impersonated vendor’s domain (which had a .com top level domain) was replaced with a matching .cam domain (.cam domains are supposedly used for photography enthusiasts, but there’s the now-obvious problem with it looking very much like .com to the cursory glance).


The email attaches a legitimate-looking payoff letter complete with loan details:


 

According to Abnormal Security, nearly every aspect of the request looked legitimate. The telltale signs primarily revolved around the use of the lookalike domain, but there were other grammatical mistakes (that can easily be addressed by using an online grammar service or ChatGPT).


This attack was identified well before it caused any damage, but the social engineering tactics leveraged were nearly enough to make this attack successful. Security solutions will help stop most attacks, but for those that make it past scanners, the user needs to play a role in spotting and stopping BEC, VEC and phishing attacks themselves – something taught through continual Security Awareness Training.


Source: Abnormal Security, KnoweBe4 Cyberheist Blog

By Michael Emdy November 17, 2024
Service Platform Upgrade: Enhancing Your Experience
By Michael Emdy March 6, 2024
Over 40% of cybersecurity teams told to keep breaches confidential
By Michael Emdy March 5, 2024
A New Twist on Cybercrime
March 4, 2024
Secure information exchange in just 3 clicks
High Cost of FTC Safeguards Rule Impact on Auto Dealerships
April 15, 2023
This blog post delves into the implications of non-compliance with the FTC Safeguards Rule for auto dealerships. It discusses the costs of failing to adhere to this regulation and highlights the impact it can have on the operations of these businesses. If you're an auto dealership owner or manager, this article provides valuable insights into the importance of complying with the FTC Safeguards Rule.
Security Best Practices Checklist
By Website Editor April 8, 2023
This article explores the six essential cybersecurity best practices that every employee should follow to protect themselves and their organizations from cyber threats. The post discusses the importance of employee training, information security, data protection, and online safety, and provides practical tips for implementing these best practices. Whether you're an executive, an IT professional, or an employee, this article will help you understand the critical steps you can take to stay safe in the digital world.
ChatGPT: AI's Role in Revolutionizing Cybersecurity
By Website Editor April 8, 2023
In this article, we explore the role of ChatGPT, a state-of-the-art AI language model, in revolutionizing the field of cybersecurity. We discuss how AI technology is being used to enhance threat detection and response, improve data privacy and protect against cyberattacks. We also examine some of the challenges and ethical considerations surrounding the use of AI in cybersecurity and how ChatGPT is helping to address them. Whether you are a cybersecurity professional or simply interested in the latest advancements in AI technology, this article offers valuable insights into the future of cybersecurity.
Share by: