Skip to main content

A new phishing scam pretends to be your boss sending you an email

One of the latest email scams is a simple yet masterful ploy that gets companies to give up money under the guise of communicating with senior members of an organization within an email chain.

As reported by ZDNet, the scam is called a business email compromise (BEC) campaign and is described as a prompt where a nefarious actor, disguised as a company boss, sends an email that looks like a forwarded email chain, with instructions to an employee to send money. Targets of this type of scam are typically employees in the finance department or someone who has the ability to send wire transfers.

Recommended Videos

TechRadar noted that the email chains are fake but appear authentic enough that victims typically do not question that they are not from a higher-up employee.

Many people have become accustomed to more traditional email attacks, such as viruses, malware, or malicious links, which can often be avoided by not clicking links, opening emails, or downloading attachments. However, BEC campaigns are typically just text emails and don’t have these markers that would make them stand out as coming from a nefarious entity. They also aren’t automatically filtered out as spam.

While there remain more common types of email attacks, such as ransomware, BEC campaigns are a steadily growing threat. According to the FBI, incidents of BEC attacks grew by almost two-thirds (65%) between July 2019 and December 2021, and the practice itself has drawn in approximately $43 billion. According to the Internet Crime Complaint Center (IC3), the reach of BEC scam is comparable to the global tuna industry and the global used-clothes industry.

The AI-based cloud-native email security platform Abnormal Security believes the latest BEC scam originated in Turkey from a bad actor known as Cobalt Terrapin, with the first attacks beginning in July 2022.

Scams such as BEC are not the only way that bad actors are bypassing the usual methods of cybercrime. “Cookie stealing” has also become one of the latest trends that hackers use to bypass credentials and access private databases.

One such attack involved a government-backed group known as Charming Kitten that was able to infiltrate the Gmail, Yahoo, and Outlook inboxes of at least two dozen high-profile users and download their content, using similar cookie-stealing tactics. The group developed a hacking tool called Hyperscape, which it used to bypass security measures such as multifactor authentication to access private email databases.

Fionna Agomuoh
Fionna Agomuoh is a Computing Writer at Digital Trends. She covers a range of topics in the computing space, including…
Your PC’s security is being attacked on two new fronts
Person using Windows 11 laptop on their lap by the window.

Your PC is facing a double whammy of cyber threats, both of them built into basic Windows features -- one that exploits Windows search and another a Wi-Fi vulnerability.

The first vulnerability allows hackers to exploit search in what researchers have called a "clever" way, as reported by Trustwave. It begins when users are tricked into downloading malware, starting with phishing emails with malicious .ZIP attachments containing HTML files disguised as invoices or something along those lines.

Read more
5 email apps you should use instead of Gmail or Outlook
The Proton Mail email app running on a MacBook.

Gmail and Outlook are the two go-to email clients -- the default apps that almost everyone uses. That doesn't, however, mean they're the best.

If you’re looking to switch things up and try out something new, there are some really good options out there that offer a fresher take on email. Each one does something different to stand out from the crowd, but they’re all extremely good at managing your mail.
Spark Mail + AI

Read more
How your boss can spy on you with Slack, Zoom, and Teams
Good Morning GIF in Slack on a laptop.

Virtual workspace tools like Slack and Teams can be incredibly handy, both for those working in the office who need to send a quick message or arrange a meeting, and especially for those working remotely who need to stay in contact with their co-workers. With the rise of remote work, more and more office workers are spending a significant chunk of their day on these tools. However, if you use these then you should be aware that what you do in these systems isn't private -- most likely it can be seen by your boss. Even private conversations may not be as private as you think.
Slack

Apps like Slack, Teams, and other common business collaboration platforms are structured via admin permissions. In other words, with the right permissions, your boss can have a large amount of control over the platform and what’s happening on it. And if a manager goes to IT -- well, they can ask to see just about anything that happens on the app.

Read more