This is a new and very effective method of cyber attack. Watch out for the mail

In 2021, Kaspersky researchers scrutinized how scammers prepare and distribute fraudulent emails and found that these attacks typically fall into one of two categories: broad-based or precisely targeted. The first relies on a simplified mechanism intended to reach the largest possible number of victims. Attackers send bulk messages from free email accounts in the hope of defrauding company employees. These messages are usually not very sophisticated; they are built for efficiency.

“Deceive the President”

In the “CEO Cheating” scenario, the employee receives a fake e-mail, allegedly sent by a senior assistant. The message is always general and refers to some matter that needs to be dealt with. The victim may be asked to urgently terminate a contract, settle unpaid bills, or provide company information to a third party. Any worker can potentially become a victim. Naturally, such a message contains some obvious red flags. You may notice, for example, that it does not come from a business account, and that the sender is clearly not a native speaker of the language they are using.
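The red flags described above can be checked mechanically at the mail gateway. The following is an added example, not code from Kaspersky or from the original article; the company domain, free-mail list, staff names, pressure terms and both sample messages are constructed assumptions.

```python
from email import message_from_string
from email.utils import parseaddr

# Assumed values for this example; none of them come from the article.
COMPANY_DOMAIN = "example.com"
FREE_MAIL = {"gmail.com", "outlook.com", "yahoo.com"}
SENIOR_STAFF = {"john smith", "anna kowalska"}  # hypothetical directory names
PRESSURE_TERMS = ("urgent", "immediately", "unpaid", "invoice", "contract", "confidential")

# Constructed sample messages.
SAMPLE_FAKE = '''From: "John Smith" <john.smith.ceo@gmail.com>
To: accounts@example.com
Subject: Urgent: unpaid invoice

Please settle the attached invoice immediately and keep this confidential.
'''
SAMPLE_REAL = '''From: "John Smith" <john.smith@example.com>
To: accounts@example.com
Subject: Agenda for Monday

See you at the meeting.
'''


def plain_text(msg):
    """Collect the text/plain parts of a message, single-part or multipart."""
    chunks = []
    for part in msg.walk():
        if part.get_content_type() == "text/plain":
            raw = part.get_payload(decode=True) or b""
            chunks.append(raw.decode(part.get_content_charset() or "utf-8", "replace"))
    return " ".join(chunks)


def bec_red_flags(raw_message):
    """Return the red flags from the bulk 'CEO' scenario that a message shows."""
    msg = message_from_string(raw_message)
    display_name, address = parseaddr(msg.get("From", ""))
    domain = address.rpartition("@")[2].lower()
    flags = []
    # A senior colleague's name on an address outside the company domain.
    if display_name.strip().lower() in SENIOR_STAFF and domain != COMPANY_DOMAIN:
        flags.append("senior-name-on-external-address")
    # Bulk campaigns are sent from free email accounts, not business accounts.
    if domain in FREE_MAIL:
        flags.append("free-mail-sender")
    text = (msg.get("Subject", "") + " " + plain_text(msg)).lower()
    hits = [term for term in PRESSURE_TERMS if term in text]
    if hits:
        flags.append("pressure-terms:" + ",".join(hits))
    return flags
```

These checks cover only the bulk scenario: a message sent from a genuinely compromised mailbox would show none of the sender-based flags.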

Precise attacks

While some criminals rely on simplified mass mailing, others resort to more advanced, precisely targeted BEC attacks. The process is as follows: cybercriminals first attack an “intermediate” mailbox and gain access to the email on that account. Then, when they find suitable correspondence, for example in the mailbox of a subcontractor (concerning, for example, financial or technical work-related matters), the attackers continue the email exchange with the victim, impersonating the contractor. Often the goal is to get victims to transfer money or install malware. Since the victim is already involved in the correspondence that the attackers refer to, the malicious activity is more likely to succeed.

BEC attacks have become one of the most common social engineering tactics aimed at business. The reason for this is very simple – scammers focus on these activities because they are effective. As fewer people fall for unsophisticated and massive fake emails, scammers have begun to precisely collect data on their potential victims and then use it to build trust. Some of these attacks are possible because cybercriminals are able to find the names and positions of employees as well as internal contact lists without much trouble, said Roman Dedinok, a cybersecurity expert at Kaspersky.