The IT Nerd

BEC 2.0 Attack Uses Conversation Hijacking in Legit Email Threads of Compromised Accounts


Avanan, a Check Point Software company, has published a new report tracking the rise and continuous evolution of Business Email Compromise (BEC) attacks as researchers observe different variants.

According to Jeremy Fuchs, Cybersecurity Researcher/Analyst at Avanan, there’s BEC 1.0, where hackers pose as your boss and ask you to get a gift card; BEC 2.0, leveraging compromised accounts at the organization to unleash attacks within legit emails; and BEC 3.0, a third tier researchers are seeing develop.

Conversation Hijacking: In this attack brief, the hacker takes over an account and inserts themselves into a legitimate conversation, posing as the employee whose account has been compromised (i.e., someone took over my account and started replying as me; the end user would have no way of knowing).

The research is live here: https://www.avanan.com/blog/business-email-compromise-scam-tries-to-trick-company-into-payment
