"Too often, employees are unwittingly helping bad actors circumvent MFA defenses, as sophisticated phishing emails trick overloaded employees into approving fake authentication requests. Once inside the system, the attackers can initiate fraudulent wire transfer requests from genuine company email accounts. As a result, business wire fraud losses have been skyrocketing - and those funds are usually irretrievable. By the time the victim discovers their error, it's often too late."
"While hijacking official company email accounts isn't a new tactic, the sophistication of business email compromise (BEC) has been taken to a new level. The criminals' end-game of these attacks is frequently wire fraud, since the funds are exceedingly difficult to recover once they've been transferred. The privacy attorneys who sit on TransUnion's incident response advisory board report most of the multiple BEC cases they see on a daily basis are tied to wire fraud."
Criminals are increasingly bypassing multi-factor authentication by exploiting human behavior, using sophisticated phishing that persuades overloaded employees to approve fake authentication requests. After gaining access, attackers leverage hijacked company email accounts to initiate fraudulent wire transfer requests, producing largely irretrievable losses. Business email compromise has become more sophisticated with AI-enhanced phishing and use of breached personal data or public social media to convincingly impersonate trusted parties. Privacy attorneys report most BEC cases tie to wire fraud, with average fraudulent wire requests exceeding $24,000 and sharp month-over-month increases. Phishing messages often include links to spoofed login pages mirroring legitimate organizational sites.
Read at Securitymagazine
Unable to calculate read time
Collection
[
|
...
]