Latest Threat Research: LetMeowIn – Analysis of a Credential Dumper

Get Informed


BEC Scammers Take a New Approach to Large Payouts

Business email compromise is one of the most common scamming techniques used today, and scammers always find new means to find a payday. Recently scammers have taken to impersonating investors who have recently bought into an investment fund but haven’t requested any funding yet. Scammers will take advantage of the lack of activity and pose as the investor to solicit funds (capital call). By doing so, the attackers can request large sums of money that can be double or triple the amount of a typical executive scam.

Analyst Notes

While this set of targets is relatively small compared to other target groups, scammers will put in a significant amount of effort for the payout. It is always recommended that when dealing with requests for large amounts of funding, a phone call should be made to the requester to verify its legitimacy as a start. A best practice to prevent BEC scams is to have a previously agreed-to process in place to verify any changes to payment details with proper communication channels and appropriate testing and auditing.