Tuesday, 3 November 2015

CEO Fraudsters Hit When Using 'Reply-To' Option

Criminals who engage in fraud CEO, also known as business mail compromise, adapt to various new tactics to highlight organizations, such as using the 'reply-to' option. That claims security PhishLabs. CEO fraud is a form of cyber crime involving financial people within an organization to receive an email that appears to come from the director.

In the email is asked to urgently make a large sum of money about. The FBI have criminals in this way for 1.2 billion dollars managed to steal. At the first attack, the criminals were using free email services company or hacked accounts to send fraudulent requests. Now they're using hacked e-mail accounts from Internet company GoDaddy. These accounts are in fact easy to reproduce through phishing attacks, support the use of the 'reply-to' option and the 'identity' feature.

Through this feature simple as the sender can specify any email address. Fraudsters use this feature for composing an e-mail to from a legitimate address of the attacked organization, such as the email address of the director. Then they fill the reply-to address an e-mail address is managed by the criminals. Most e-mail clients only show the name and hide the e-mail address, so employees do not immediately see the reply-to address.

Another change in method is that the first e-mail is concise and contains no payment details. In earlier attacks was financial controller immediately sent to the bank account and amount to. Now the fraudsters exchanged several emails before the account data is transmitted. And also for the bill is the tactic changed. Foreign accounts were first used in China, for example, now the US accounts. PhishLabs advises organizations to create more awareness among the staff and spam filters first so that fraudulent emails are blocked.

No comments:

Post a Comment