Weekly SEA

IBM X-Force IRIS Uncovers Active Business Email Compromise Campaign Targeting Fortune 500 Companies
Comment: IBM X-Force Incident Response and Intelligence Services (IRIS) recently identified malicious groups actively targeting Fortune 500 companies using business email compromise (BEC) scams to steal financial assets. These threat groups, believed to be based in Nigeria, employ these tactics to trick their victims into transferring millions of dollars into fraudulent bank accounts. The phishing emails are typically sent from spoofed accounts and designed to mimic legitimate correspondence from the company’s vendors or clients, but their purpose is to request changes in payment procedures, such as asking that new payments be sent to an “updated” account number. As BEC scams can employ sophisticated tactics to fool victims, businesses are strongly encouraged to implement account security features such as multi-factor authentication, observe strict wire transfer policies, and verify vendors and clients prior to conducting any financial transactions.

Oscar Scams Ran Wild Thanks to Twitter Bots
Comment: On Sunday night during the Academy Awards, an extensive social media spam campaign ran rampant on Twitter, lasting until Monday morning. Celebrities who used the platform during the ceremony to post messages were impersonated by bots that responded to both the targeted celebrities and their fans in an effort to spread malicious URLs. Social media platforms are used by a range of malicious actors to trick unsuspecting victims into clicking malicious links. Social media users are urged to use caution when clicking on any links shared through the platform, even if they are posted by someone the user knows personally, as they could lead to phishing sites or result in the installation of malware on the user’s system.