A recent Business Email Compromise (BEC) investigation has uncovered a highly sophisticated attack that went beyond traditional email fraud. Instead of simply sending fraudulent emails in hopes of deceiving victims, cybercriminals strategically exploited the implicit trust between three business partners—Partner A, Partner B, and Partner C.
By infiltrating an email server, they gained full visibility into ongoing transactions and used this access to manipulate communications and divert funds into their own accounts.
The attack unfolded in two distinct phases. Initially, the threat actors gained control of a compromised third-party email server, which they used to send fraudulent messages.
Unlike typical phishing scams, this attack was highly calculated. The attackers carefully studied the writing styles of their targets, replicating common phrases, salutations, and email footers to make their messages appear authentic.
A key tactic in this attack was the gradual replacement of legitimate email recipients with addresses controlled by the attackers.
Over time, they subtly altered the email chain by replacing the intended recipients with fake accounts while keeping email headers intact. This tricked both Partner A and Partner B into believing they were corresponding with the right individuals when, in reality, their messages were being intercepted and manipulated.
The attackers also manipulated email authentication protocols t
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.
This article has been indexed from CySecurity News – Latest Information Security and Hacking Incidents
Read the original article: