Welcome, Guest: Register On Nairaland / LOGIN! / Trending / Recent / NewStats: 3,150,838 members, 7,810,219 topics. Date: Saturday, 27 April 2024 at 12:31 AM |
Nairaland Forum / Eskdale's Profile / Eskdale's Posts
(1) (2) (3) (4) (5) (6) (7) (8) (9) (10) (of 11 pages)
Jokes Etc / Re: Caption This Photo Of Worgu Bond During Swearing In. by Eskdale(m): 11:31am On Jun 22, 2020 |
I uploaded pics but it can't be seen, don't know y |
Jokes Etc / Caption This Photo Of Worgu Bond During Swearing In. by Eskdale(m): 11:12am On Jun 22, 2020 |
What's your say about this photo of Worgu Bond during swearing in by APC NWC. |
Politics / Re: SERAP Sues Health Ministry, NCDC Over ‘failure To Account For COVID-19 Money’ by Eskdale(m): 8:36am On Jun 22, 2020 |
Family / Re: Woman Disgraces Her Man Abroad After Discovering He Has A Wife In Nigeria by Eskdale(m): 3:00pm On Jun 19, 2020 |
Rozz: ok same with women |
Politics / Re: Nnamdi Kanu To FG: Invite Us To Negotiate Peaceful Exit Of Biafra by Eskdale(m): 1:50pm On Jun 19, 2020 |
last time I checked: 1 Biafran pounds = N800 naira - N270 in most countries |
Politics / Re: Plot To ‘Bring Back’ Obaseki To APC Thickens by Eskdale(m): 2:13pm On Jun 18, 2020 |
OZAOEKPE: well said my daughter. |
Crime / Re: BEC Scam!: Things You Need To Know About Business Email Compromise Scam. by Eskdale(m): 10:41am On Jun 18, 2020 |
skyhighweb:why? |
Crime / Re: BEC Scam!: Things You Need To Know About Business Email Compromise Scam. by Eskdale(m): 10:24am On Jun 18, 2020 |
front page worthy
cc:lala 1 Like |
Crime / BEC Scam!: Things You Need To Know About Business Email Compromise Scam. by Eskdale(m): 10:24am On Jun 18, 2020 |
DEFINITION OF BUSINESS E-MAIL COMPROMISE Business e-mail compromise (BEC) is when an attacker hacks into a corporate e-mail account and impersonates the real owner to defraud the company, its customers, partners, and/or employees into sending money or sensitive data to the attacker’s account. BEC is also known as a “man-in-the-email” attack. This is derived from the “man-in-the-middle” attack where two parties think that they are talking to each other directly, but in reality, an attacker is listening in and possibly altering the communication. HOW BUSINESS E-MAIL COMPROMISE WORKS A BEC scam starts with research. An attacker will sift through publicly available information about your company from your website, press releases, and even social media posts. He/she might look for the names and official titles of company executives, your corporate hierarchy, and even travel plans from email auto-replies. The attacker will then try to gain access to an executive's e-mail account. To remain undetected, he/she might use inbox rules or change the reply-to address so that when the scam is executed, the executive will not be alerted. Another trick is to create an e-mail with a spoofed domain. For example, the attacker might use john.smith@samp1e.com instead of john.smith@sample.com, or john.smith@believeme.com instead of john.smith@beleiveme.com. If you do not pay close attention, it is easy to get fooled by these slight differences. One of the most famous spoofed domain tricks ever was the “PayPa1.com” – a scam site imitating money transfer website Paypal.com. After scouting corporate communications for some time, the attacker will probably have a good idea of scam scenarios that might work. For instance, if the company has a lot of suppliers, he/she can send invoices to accounting for the rush payment of materials. The attacker would know who is responsible for wire transfers and be able to craft a convincing scenario that would require the immediate transfer of funds. MOST VULNERABLE TYPES OF BUSINESS E-MAIL ADDRESSES While a BEC scam can target anyone in the company, high-level executives and people working in the finance department are the most likely targets. According to Krebs on Security, phishing attacks that spoofed the CEO or company director were among the most costly scams reported in 2016. “Whaling” and “CEO Fraud” are two emerging terms used to describe the phenomenon of targeting high-level executives, and are typically more difficult to detect than traditional phishing scams since they are so targeted. EXAMPLES OF BUSINESS E-MAIL COMPROMISE Some of the most prevalent examples of BEC scams are: The fraudulent invoice scam is when a cybercriminal uses an employee's e-mail to send notifications to customers and suppliers asking for payment to the cybercriminal's account. The fake boss scam is when a fraudulent email is sent from a business executive’s account to employees instructing them to urgently transfer money from the corporate account to the criminal's account. The fake attorney scam is when a lawyer's e-mail address is used to contact clients, asking that they pay money immediately to keep things confidential. However, business e-mail compromise attacks do not only involve money; sometimes, attackers seek PII or trade secrets. SCOPE OF BUSINESS EMAIL COMPROMISE One high-profile BEC case involved a Lithuanian cybercriminal that used the e-mail addresses of suppliers. Companies that were targeted include Apple and Facebook. By impersonating suppliers, the hacker was able to steal $100 million in two years. In another case, the FACC AG CEO was fired after such an attack cost the company $54 million. Business e-mail compromise attacks have already cost U.S. businesses at least $1.6 billion in losses from 2013 to the present. According to the Federal Bureau of Investigation, that number could easily be as high as $5.3 billion around the world. In 2016, there were at least 40,000 incidents of business e-mail compromise or other incidents that involve e-mails—an increase of around 2,370% since January 2015. In the second half of 2016 alone, the FBI reported more than 3,044 victims in the United States, with a combined loss of around $346 million. Where does most of the money go? Most of the victims are told to send the money to an Asian bank, usually in Hong Kong or China, or a bank in the United Kingdom. BEST PRACTICES FOR PROTECTING AGAINST BUSINESS EMAIL COMPROMISE Business e-mail compromise attacks are successful for three main reasons: Insufficient security protocols Social engineering Lack of employee awareness Multi-factor authentication should be implemented as an IT security policy. This will help prevent unauthorized access of e-mails, especially if an attacker attempts to login from a new location. In addition to stronger security protocols, employee education is also important. Employees should be trained on identifying fraudulent e-mails. Always be skeptical of urgent and rush money transfer requests, especially from C-level executives, and verify those requests, either by phone or in person. cc: lalasticlala cc:mydn44 |
Computers / BEC: Important Things To Know About Business Email Compromise And How It Works. by Eskdale(m): 10:07am On Jun 18, 2020 |
DEFINITION OF BUSINESS E-MAIL COMPROMISE Business e-mail compromise (BEC) is when an attacker hacks into a corporate e-mail account and impersonates the real owner to defraud the company, its customers, partners, and/or employees into sending money or sensitive data to the attacker’s account. BEC is also known as a “man-in-the-email” attack. This is derived from the “man-in-the-middle” attack where two parties think that they are talking to each other directly, but in reality, an attacker is listening in and possibly altering the communication. HOW BUSINESS E-MAIL COMPROMISE WORKS A BEC scam starts with research. An attacker will sift through publicly available information about your company from your website, press releases, and even social media posts. He/she might look for the names and official titles of company executives, your corporate hierarchy, and even travel plans from email auto-replies. The attacker will then try to gain access to an executive's e-mail account. To remain undetected, he/she might use inbox rules or change the reply-to address so that when the scam is executed, the executive will not be alerted. Another trick is to create an e-mail with a spoofed domain. For example, the attacker might use john.smith@samp1e.com instead of john.smith@sample.com, or john.smith@believeme.com instead of john.smith@beleiveme.com. If you do not pay close attention, it is easy to get fooled by these slight differences. One of the most famous spoofed domain tricks ever was the “PayPa1.com” – a scam site imitating money transfer website Paypal.com. After scouting corporate communications for some time, the attacker will probably have a good idea of scam scenarios that might work. For instance, if the company has a lot of suppliers, he/she can send invoices to accounting for the rush payment of materials. The attacker would know who is responsible for wire transfers and be able to craft a convincing scenario that would require the immediate transfer of funds. MOST VULNERABLE TYPES OF BUSINESS E-MAIL ADDRESSES While a BEC scam can target anyone in the company, high-level executives and people working in the finance department are the most likely targets. According to Krebs on Security, phishing attacks that spoofed the CEO or company director were among the most costly scams reported in 2016. “Whaling” and “CEO Fraud” are two emerging terms used to describe the phenomenon of targeting high-level executives, and are typically more difficult to detect than traditional phishing scams since they are so targeted. EXAMPLES OF BUSINESS E-MAIL COMPROMISE Some of the most prevalent examples of BEC scams are: The fraudulent invoice scam is when a cybercriminal uses an employee's e-mail to send notifications to customers and suppliers asking for payment to the cybercriminal's account. The fake boss scam is when a fraudulent email is sent from a business executive’s account to employees instructing them to urgently transfer money from the corporate account to the criminal's account. The fake attorney scam is when a lawyer's e-mail address is used to contact clients, asking that they pay money immediately to keep things confidential. However, business e-mail compromise attacks do not only involve money; sometimes, attackers seek PII or trade secrets. SCOPE OF BUSINESS EMAIL COMPROMISE One high-profile BEC case involved a Lithuanian cybercriminal that used the e-mail addresses of suppliers. Companies that were targeted include Apple and Facebook. By impersonating suppliers, the hacker was able to steal $100 million in two years. In another case, the FACC AG CEO was fired after such an attack cost the company $54 million. Business e-mail compromise attacks have already cost U.S. businesses at least $1.6 billion in losses from 2013 to the present. According to the Federal Bureau of Investigation, that number could easily be as high as $5.3 billion around the world. In 2016, there were at least 40,000 incidents of business e-mail compromise or other incidents that involve e-mails—an increase of around 2,370% since January 2015. In the second half of 2016 alone, the FBI reported more than 3,044 victims in the United States, with a combined loss of around $346 million. Where does most of the money go? Most of the victims are told to send the money to an Asian bank, usually in Hong Kong or China, or a bank in the United Kingdom. BEST PRACTICES FOR PROTECTING AGAINST BUSINESS EMAIL COMPROMISE Business e-mail compromise attacks are successful for three main reasons: Insufficient security protocols Social engineering Lack of employee awareness Multi-factor authentication should be implemented as an IT security policy. This will help prevent unauthorized access of e-mails, especially if an attacker attempts to login from a new location. In addition to stronger security protocols, employee education is also important. Employees should be trained on identifying fraudulent e-mails. Always be skeptical of urgent and rush money transfer requests, especially from C-level executives, and verify those requests, either by phone or in person |
Properties / Re: Lagos Warns Against Drilling Boreholes Without Licence, Permit by Eskdale(m): 9:42am On Jun 18, 2020 |
Op the headline would have been: Re: Lagos Warns Against waking up in the morning Without Licence, Permit. Lurbish! 2 Likes |
Religion / Re: Ibidun Ighodalo's Daughter, Zenan's Rendition At Her Service Of Songs by Eskdale(m): 9:37am On Jun 18, 2020 |
Foreign Affairs / Re: China Warns Britain That Beijing Will 'Strike Back If UK Steps Out Of Line' by Eskdale(m): 1:44pm On Jun 17, 2020 |
dermmy: Hong Kong in question was handed over to China by Britain. so there decision still matters 1 Like |
Politics / Re: Hilliard Eta Takes Over As Acting Chairman, Names Uzodinma Edo Primary Chair by Eskdale(m): 1:39pm On Jun 17, 2020 |
it will definitely end in tears.., have watched dis kind movie before. 1 Like |
Politics / Re: FFK: Pull Down The Statue Of Tinubu, The Slave Owner by Eskdale(m): 4:39pm On Jun 10, 2020 |
On 2 da next 1
|
Celebrities / Re: Top 5 Nigerian Musicians In The Diasporas by Eskdale(m): 4:29pm On Jun 10, 2020 |
This list is incomplete... What about: 1.kapital official (TKG) 2. Ezi-Emela 3.Onyi one Da. You can as well search for them both IG, Facebook or Google. 1 Like |
Crime / Re: Police Declare Lady Wanted For Sucking Baby's Genital In Viral Video (Photos) by Eskdale(m): 10:07am On Jun 09, 2020 |
Lastmankc: edit the pics put ur own |
Politics / Re: 'I Choose God' - Dino Melaye Says As He Flaunts Expensive Power Bike (Photo) by Eskdale(m): 9:57am On Jun 08, 2020 |
join my telegram channel for current movies and TV series no long talk.
you can also download them to your device
Eskdale media
Home of Entertainment https:///eskdale_medea
|
Politics / Re: 'I Choose God' - Dino Melaye Says As He Flaunts Expensive Power Bike (Photo) by Eskdale(m): 9:57am On Jun 08, 2020 |
join my telegram channel for current movies and TV series no long talk.
you can also download them to your device
Eskdale media
Home of Entertainment https:///eskdale_medea
|
Politics / Re: 50 Achievements Of Akeredolu Within 3 And Half Years (Photos) by Eskdale(m): 9:54am On Jun 08, 2020 |
join my telegram channel for current movies and TV series no long talk.
you can also download them to your device
Eskdale media
Home of Entertainment
https:///eskdale_medea
|
TV/Movies / 2019/2020 Action Movie Updates by Eskdale(m): 9:43am On Jun 08, 2020 |
join my telegram channel for current movies and TV series no long talk. you can also download them to your device Eskdale media Home of Entertainment https:///eskdale_medea
|
Politics / Re: Adamu Atiku-Abubakar: My Father Will Contest For Presidency In 2023 by Eskdale(m): 6:51am On Jun 08, 2020 |
|
Politics / Re: Lawan: We Passed Buhari’s $5.5 Billion Loan Request To Save 20 Million Jobs by Eskdale(m): 6:32am On Jun 08, 2020 |
new day, new story |
Webmasters / Re: Benue Blogger, Tessy Okwori Is Dead (Burial Photos) by Eskdale(m): 11:59am On Jun 03, 2020 |
TV/Movies / Re: The Best TV Series Right Now.... by Eskdale(m): 11:17am On Jun 03, 2020 |
check out: Bloodshot(2020)&Guns Akimbo(2019) and also Extraction (2020) |
Crime / Re: Uwa Omozuwa: Edo State Police Command Arrests One Suspect by Eskdale(m): 7:00am On Jun 02, 2020 |
einsteino: they can draw up data from commutation companies, inec ,nimc. Nigeria has a central data bank. |
Investment / I Just Cashed Out $330 For Real: Try These Steps To Earn. by Eskdale(m): 3:04pm On Jun 01, 2020 |
I will go straight to the point. A friend of mine introduced me to it and I joined, at first though I thought it wasn't real till I cashed out this morning. all you need to do is to follow the procedures, 1. Sign-up with the link below https://share.cshcrates.co/Eskdale you earn $50 just for signing up and $10 per-click. Once you get to $100 and above you can apply for withdrawal with specification of where to transfer your money to. mine was sent to my bitcoin wallet straight up no jokes. |
(1) (2) (3) (4) (5) (6) (7) (8) (9) (10) (of 11 pages)
(Go Up)
Sections: politics (1) business autos (1) jobs (1) career education (1) romance computers phones travel sports fashion health religion celebs tv-movies music-radio literature webmasters programming techmarket Links: (1) (2) (3) (4) (5) (6) (7) (8) (9) (10) Nairaland - Copyright © 2005 - 2024 Oluwaseun Osewa. All rights reserved. See How To Advertise. 41 |