
Tessian Threat Intel Roundup for May

by John Filitz Monday, May 30th, 2022


Tessian Threat Intel focussed on crypto and payment fraud campaigns for the month of May, particularly PayPal-related scams, which have become increasingly sophisticated over the last several months. Most recently we have identified scams relating to fraudulent email invoices requesting payment via PayPal, with some of these scams requesting payment in Bitcoin.

 

Keep reading for recommendations for staying safe, and sign up for our Threat Intel update to get this monthly update straight to your inbox.

Social engineering remains a persistent global threat that continues to evolve to evade law enforcement and cybersecurity detection and prevention efforts.

 

Email-delivered crypto Business Email Compromise (BEC) campaigns are increasing in volume and sophistication.

 

Threat actors are targeting payment providers such as PayPal and fraudulently creating email invoices to perpetrate payment fraud.

 

Bitcoin is the preferred payment method due to its ability to traverse geographic borders.

 

In their latest annual IC3 report, the FBI notes over $43 billion has been lost globally due to BEC compromises in the past 5 years. The true figure is likely significantly higher due to unreported incidents.

 

The FBI notes phishing is increasing and remains the most reported cyber crime incident.

 

To stay safe: Never click on links from suspicious emails and be on the lookout for increasingly sophisticated BEC attempts to perpetrate invoice payment/wire fraud.

Tessian Threat Intel have noted an uptick in BEC efforts, with invoice/payment fraud the primary objective of threat actors.

 

We have been tracking payment-provider-related fraud since January 2022.

 

Also noteworthy is the increasing sophistication of campaigns targeting victims using a range of themes including the COVID-19 pandemic and, more recently, the conflict in Ukraine.

 

Over the past 30 days we are still seeing an average of 45 new Ukraine-themed domains registered every day. (See April’s roundup on Ukraine).

 

Key themes of the attacks still include crypto donation scams as well as ecommerce spam, romance scams, and loans for refugees. 

 

The donation scams are increasing in volume and expanding in variety with themes for humanitarian aid and support for children or refugees.

 

As the digital payment market grows, so too will the range of attacks.

 

Bitcoin remains the preferred medium of payment for the BEC campaigns we have been tracking.

 

The FBI notes a 65% increase in BEC fraud-related losses globally in the period 2019 to December 2021.

Be suspicious of any invoice-related request, even from a trusted party.

 

Always verify the authenticity of the invoice by contacting the party via an independent method, for example via telephone – and never use a telephone number provided in the suspicious email.

 

Report suspicious emails to your security administrator.

 

Use an advanced email protection solution that relies on behavioral intelligence modeling vs. a static, rule-based approach to threat detection.

 

Report all BEC-related losses to your relevant law enforcement agency. Only by having an accurate picture of the extent of the crime threat can we as a community harness the required resources to effectively deal with this challenge.


John Filitz Research Lead & Sr. Technical Writer