Proofpoint closes acquisition of Tessian. Read More ->

Request a demo
Platform
Complete Cloud Email Security
Get a Platform Overview
Featured Content
What’s New
What’s New
Tessian Platform Overview Brochure
Product Resources
Tessian Platform Overview Brochure
Microsoft + Tessian: Comprehensive Email Security
Solution Briefs
Microsoft + Tessian: Comprehensive Email Security
Solutions
Tessian solutions by use case and threat types
Customers
Tessian case studies by use case and industry
Read more
Featured Content
Advanced Email Protection for Florida’s Largest Law Firm
Customer Stories
Advanced Email Protection for Florida’s Largest Law Firm
Next-Gen DLP For One of Africa’s Largest FinServ Groups
Customer Stories
Next-Gen DLP For One of Africa’s Largest FinServ Groups
Resources
Tessian content by use case and industry
Resource Center
Featured Content
Forrester has named Tessian a Strong Performer in The Forrester Wave™: Enterprise Email Security, Q2 2023
Research & Reports
Forrester has named Tessian a Strong Performer in The Forrester Wave™: Enterprise Email Security, Q2 2023
Company
About Tessian's mission and career opportunities
Read more
Request a demo
Request a demo
Request a demo
Request a demo
Request a demo
Request a demo
Threat Stories

Tessian Threat Intel Roundup for May

Tessian • Monday, May 30th 2022
Tessian Threat Intel Roundup for May

Tessian Cloud Email Security intelligently prevents advanced email threats and protects against data loss, to strengthen email security and build smarter security cultures in modern enterprises.

Tessian Threat Intel focussed on crypto and payment fraud campaigns for the month of May, particularly PayPal related scams which have become increasingly sophisticated over the last several months. Most recently we have identified scams relating to fraudulent email invoices requesting payment via PayPal, with some of these scams requesting payment in Bitcoin. 

 

Keep reading for recommendations for staying safe, and sign-up for our Threat Intel update to get this monthly update straight to your inbox. 

Social engineering remains a persistent global threat that continues to evolve to evade law enforcement and cybersecurity detection and prevention efforts.

 

Email-delivered crypto Business Email Compromise (BEC) campaigns are increasing in volume and sophistication.

 

Threat actors are targeting payment providers such as PayPal and fraudulently creating email invoices to perpetrate payment fraud.

 

Bitcoin is the preferred payment method due to its ability to transverse geographic borders.

 

In their latest annual IC3 report, the FBI notes over $43 billion has been lost globally due to BEC compromises in the past 5 years. The true figure is likely significantly higher due to unreported incidents.

 

The FBI notes phishing is increasing and remains the most reported cyber crime incident.

 

To stay safe: Never click on links from suspicious emails and be on the lookout for increasingly sophisticated BEC attempts to perpetrate invoice payment/wire fraud.

Cyber Criminals Leverage Temporary Block on PayPal Account in Phishing Attack
Advanced Email Threats, Threat Stories
Cyber Criminals Leverage Temporary Block on PayPal Account in Phishing Attack
Charles Brook • Friday, February 4th 2022
Read article

Tessian Threat Intel have noted an uptick in BEC efforts, with invoice/payment fraud the primary objective of threat actors.

 

We have been tracking payment provider related fraud since January 2022.

 

Also noteworthy is the increasing sophistication of campaigns targeting victims using a range of themes including the COVID-19 pandemic and, more recently, the conflict in Ukraine

 

Over the past 30 days we are still seeing an average of 45 new Ukraine themed domains registered every day. (See April’s round up on Ukraine).

 

Key themes of the attacks still include crypto donation scams as well as ecommerce spam, romance scams, and loans for refugees. 

 

The donation scams are increasing in volume and expanding in variety with themes for humanitarian aid and support for children or refugees.

 

As the digital payment market grows, so too will the range of attacks.

 

Bitcoin remains the preferred medium of payment for the BEC campaigns we have been tracking.

 

FBI notes a 65% increase in BEC fraud related losses globally in the period 2019 to December 2021.

Key Takeaways from Verizon’s 2022 Data Breach Investigation Report
Email DLP, Advanced Email Threats
Key Takeaways from Verizon’s 2022 Data Breach Investigation Report
Tessian • Thursday, May 26th 2022
Read article

Be suspicious of any invoice related request, even from a trusted party.

 

Always verify the authenticity of the invoice by contacting the party via an independent method, for example via telephone – and never use a telephone number provided in the suspicious email.

 

Report suspicious emails to your security administrator.

 

Use an advanced email protection solution that relies on behavioral intelligence modeling vs. a static, rule based approach to threat detection.

 

Report all BEC related losses to your relevant law enforcement agency – only by having an accurate picture on the extent of the crime threat, can we as a community harness the required resources to effectively deal with this challenge.

New Report From The Ponemon Institute: Data Loss Prevention on Email in 2022 Report
Email DLP
New Report From The Ponemon Institute: Data Loss Prevention on Email in 2022 Report
Negin Aminian • Wednesday, May 18th 2022
Read article

To see how Tessian prevents ransomware attacks, and protects against DLP, watch a product overview video or book a demo.

For the latest cybersecurity news and articles, sign up for our newsletter, and follow us on Twitter and LinkedIn

Tessian

Related Posts