Advertisements
The new wave of phishing that researchers at Avanan, a Check Point Software Company, recently talked about is BEC 3.0. Hackers can sign up for a free account somewhere, send out an invoice or other communication, and embed the malicious activity within that. Avanan’s covered this ability in PayPal, Google, and more.
Last year, they wrote about how hackers can do something similar in QuickBooks. Now, they’re back at it. In this attack brief, hackers create free accounts in Quickbooks to steal money and information from end-users by sending fake invoices from a legitimate domain.
You can read the attack brief here.