Hackers pretended to be financial executives (CFO) to carry out BEC (Business Email Compromise) attacks against an important organization in the world of sport. They asked the finance department to send funds to a non-existent insurance company. Researchers from Avanan discovered the attack and explain how to avoid falling for similar ones.
BEC hacker attacks against the world of sports
Researchers from Avanan, a Check Point Software company, have identified a cyber attack in which hackers "disguised" themselves as the CFO (Chief Financial Officer) of a sports company. To do that, they used a BEC (Business Email Compromise) attack.
The hackers first created a fake account of a company CFO, then identified the account of a member of the finance team. Then they wrote an email that appeared to be sent by the CFO, with the details of a wire transfer to send as payment to an insurance company. If the employee takes the bait, the money ends up in the hacker's account, impossible to recover.
In the examples reported by the researchers, the email was accompanied by the name of a legitimate insurance company, West Bend Mutual. They also used an email that echoes the company motto, to deceive the reader.
This type of attack is not new. Already in May, the FBI had reported an increase in scams of this type between July 2019 and December 2021. The increase in economic terms was as much as 62%. In 2021, hackers stole $40 million with cryptocurrencies and BECs alone, four times as much as the previous year.
To avoid being deceived, check that the email addresses match and carefully verify the sender. Also be suspicious, preferring a message or a verification call before sending corporate or personal money.
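The address check described above can be automated at the mail gateway or in a triage script. The following is an added example, not code from Avanan or the article: the corporate domain, executive name, payment keywords and both sample messages are constructed assumptions, and the Reply-To comparison is an extra heuristic the article does not mention.

```python
from email import message_from_string
from email.utils import parseaddr

# Assumed values for illustration; none of these come from the article.
CORPORATE_DOMAIN = "example-sports.test"
EXECUTIVE_NAMES = {"jane doe"}
PAYMENT_TERMS = ("wire transfer", "payment", "invoice", "bank account")

def domain_of(address):
    return address.rsplit("@", 1)[-1].lower() if "@" in address else ""

def body_text(msg):
    # Collect plain-text parts; a non-multipart message is its own single part.
    parts = msg.walk() if msg.is_multipart() else [msg]
    return " ".join(p.get_payload() for p in parts
                    if p.get_content_type() == "text/plain")

def bec_findings(raw_message):
    msg = message_from_string(raw_message)
    from_name, from_addr = parseaddr(msg.get("From", ""))
    _, reply_addr = parseaddr(msg.get("Reply-To", ""))
    findings = []
    # Display name matches an executive but the address is not a corporate one.
    if (from_name.strip().lower() in EXECUTIVE_NAMES
            and domain_of(from_addr) != CORPORATE_DOMAIN):
        findings.append("executive-name-external-address")
    # Replies would go somewhere other than the visible sender.
    if reply_addr and reply_addr.lower() != from_addr.lower():
        findings.append("reply-to-differs-from-sender")
    text = (msg.get("Subject", "") + " " + body_text(msg)).lower()
    if any(term in text for term in PAYMENT_TERMS):
        findings.append("payment-request")
    return findings

def hold_for_verification(findings):
    # Hold payment requests with any sender mismatch until a call confirms them.
    return "payment-request" in findings and len(findings) > 1

# Constructed sample messages (not taken from the reported attack).
SPOOFED = """\
From: Jane Doe <jane.doe.cfo@mail-provider.test>
Reply-To: accounts@insurer-payments.test
To: finance@example-sports.test
Subject: Insurance premium due today

Please send a wire transfer to the account below for our insurance premium.
"""
LEGIT = """\
From: Jane Doe <jane.doe@example-sports.test>
To: finance@example-sports.test
Subject: Q3 budget review

Agenda attached for Thursday.
"""
```

A payment request from a matching internal address is not held by this check, so the verification call remains the control for a compromised real account.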