Skip to main content

A new phishing scam pretends to be your boss sending you an email

One of the latest email scams is a simple yet masterful ploy that gets companies to give up money under the guise of communicating with senior members of an organization within an email chain.

As reported by ZDNet, the scam is called a business email compromise (BEC) campaign and is described as a prompt where a nefarious actor, disguised as a company boss, sends an email that looks like a forwarded email chain, with instructions to an employee to send money. Targets of this type of scam are typically employees in the finance department or someone who has the ability to send wire transfers.

TechRadar noted that the email chains are fake but appear authentic enough that victims typically do not question that they are not from a higher-up employee.

Many people have become accustomed to more traditional email attacks, such as viruses, malware, or malicious links, which can often be avoided by not clicking links, opening emails, or downloading attachments. However, BEC campaigns are typically just text emails and don’t have these markers that would make them stand out as coming from a nefarious entity. They also aren’t automatically filtered out as spam.

While there remain more common types of email attacks, such as ransomware, BEC campaigns are a steadily growing threat. According to the FBI, incidents of BEC attacks grew by almost two-thirds (65%) between July 2019 and December 2021, and the practice itself has drawn in approximately $43 billion. According to the Internet Crime Complaint Center (IC3), the reach of BEC scam is comparable to the global tuna industry and the global used-clothes industry.

The AI-based cloud-native email security platform Abnormal Security believes the latest BEC scam originated in Turkey from a bad actor known as Cobalt Terrapin, with the first attacks beginning in July 2022.

Scams such as BEC are not the only way that bad actors are bypassing the usual methods of cybercrime. “Cookie stealing” has also become one of the latest trends that hackers use to bypass credentials and access private databases.

One such attack involved a government-backed group known as Charming Kitten that was able to infiltrate the Gmail, Yahoo, and Outlook inboxes of at least two dozen high-profile users and download their content, using similar cookie-stealing tactics. The group developed a hacking tool called Hyperscape, which it used to bypass security measures such as multifactor authentication to access private email databases.

Editors' Recommendations

Fionna Agomuoh
Fionna Agomuoh is a technology journalist with over a decade of experience writing about various consumer electronics topics…
Firefox just got a great new way to protect your privacy
Canva in Firefox on a MacBook.

If you’re fed up with signing up for new accounts online and then being perpetually spammed in the days and weeks after, Mozilla has an idea that could help. The company has just announced its Firefox Relay feature is being directly integrated into its Firefox web browser, and it could help guarantee your privacy without any extra hassle.

Firefox Relay works by letting you create email “masks” when you sign up for new accounts. Instead of entering your real credentials into the sign-up field, Firefox Relay provides you with a throwaway address and phone number to use. Any messages from the website -- such as purchase receipts -- are then forwarded to your real email address, with all the sender’s tracking information stripped out to protect your privacy.

Read more
If you use this free password manager, your passwords might be at risk
Office computer with login asking for password and username.

Researchers have just found a flaw within Bitwarden, a popular password manager. If exploited, the bug could give hackers access to login credentials, compromising various accounts.

The flaw within Bitwarden was spotted by Flashpoint, a security analysis firm. While the issue hasn't received much -- or any -- coverage in the past, it appears that Bitwarden was aware of it all along. Here's how it works.

Read more
If you use PayPal, your personal data may have been compromised
A person holds a mobile phone with the PayPal app open.

PayPal has recently suffered a massive data breach, and if you were one of the affected users, your details may have been leaked. Given the nature of a PayPal account, the exposed data includes some of the most sensitive information, which could put those users at risk of identity theft.

The company is taking steps to protect the accounts from further damage. Here's what we know about what happened and how to protect yourself.

Read more