Incident Reports of Targeted BEC Campaigns Continue
The NJCCIC continues to receive numerous incident reports from organizations around the State impacted by various business email compromise (BEC) campaigns, such as direct deposit scams and real estate wire transfer scams. Unlike generic phishing scams, BEC campaigns are a highly targeted form of social engineering, oftentimes incorporating preliminary reconnaissance on potential victims. To make email messages appear more legitimate and believable, malicious actors commonly spoof the source name and/or email address of a familiar contact, use email domains that mimic a trusted source, or compromise a legitimate business account. The body of these messages often portray a sense of urgency and instruct the recipient to transfer funds or other sensitive information to the malicious actor, or to update paycheck direct deposit information to the malicious actor’s account. The NJCCIC recommends users refrain from forwarding or responding to these messages, and instead verify the source and instructions of any monetary transaction or request for sensitive data received via email through a separate means of communication. We also encourage users to view our publication Don’t Be Fooled: Ways to Prevent BEC Victimization for additional tips and information about BEC campaigns and how to reduce victimization.