Yar, thar she blows: Corp-cash-stealing email whaling attacks now a $12.5bn industry

Business accounts worth their weight in gold to scammers


Business email accounts remain a lucrative way for scammers to get into companies and turn a quick buck.

The FBI's Internet Crime Complaint Center (IC3) says that Business Email Compromise (BEC) incidents (stealing a legit business account and then using it to transfer funds out to criminals) have exploded, with reported losses more than doubling over the last two years.

From October 2013 to May 2018, 78,617 incidents were reported to the two groups, with total losses topping $12.5bn. In the US alone, 41,058 companies were hit for $2.93bn worth of losses. By comparison, between 2013 and 2016, BEC attacks netted criminals worldwide around $5bn in total.

"Between December 2016 and May 2018, there was a 136 per cent increase in identified global exposed losses," the FBI said. "The scam has been reported in all 50 states and in 150 countries."

Also known as 'whaling', the attacks target specific, high-value accounts and individuals. The technique can be enormously profitable for scammers when they succeed.

It is not just cash transfers that are being targeted. IC3 notes that personally identifiable information is also increasingly being sought (usually for identity or tax theft). Scammers are also looking to move into targeting new industries such as real estate, where companies are not as wise to their tricks.

"Victims most often report a spoofed email being sent or received on behalf of one of these real estate transaction participants with instructions directing the recipient to change the payment type and/or payment location to a fraudulent account," the agencies said in their report.

"The funds are usually directed to a fraudulent domestic account which quickly disperse through cash or check withdrawals."

Most often, the report says, the cash ends up getting moved via money mules before going to banks in China or Hong Kong via wire transfer. Outside of Asia, the report notes that banks in Mexico, Turkey, and the UK have also been popular locations to dump the pilfered cash.

The report recommends that companies use multiple forms of communication before making a transfer, particularly ones that include changes in the way a payment is issued. This will make it harder for the would-be scammers to operate.

"Be wary of any communication that is exclusively e-mail based and establish a secondary means of communication for verification purposes," the agencies advise.

"Be mindful of phone conversations. Victims have reported receiving phone calls from BEC/EAC actors requesting personal information for verification purposes." ®
