We’ve warned our readers several times about different types of phishing attacks and the methods cyber criminals are using to steal your information. Today, we alert you that cyber criminals are now taking over email inboxes without phishing attacks.
As always, attackers are constantly finding new ways to intrude. While phishing attacks such as email spoofing and social engineering are still an active danger, attackers have now developed a new method. These new methods are even more intrusive and quick than other phishing methods.
A recent release of this information from our partner KnowBe4 states, “Compromised credentials being offered on criminal forums, exposed through third-party compromises, or vulnerable through misconfigured backups and file sharing services, make the opportunity to profit from business email compromises easier than ever.”
This new method of attack is made possible primarily through three methods.
- Paying for access. Some situations include outsourced actors who get paid to gain a company’s credentials and then share it with these cyber criminals.
- Getting lucky with previously compromised credentials.Because people often make the mistake of repeating passwords, criminals can get lucky and reuse email and password combinations of the finance department that had previously been compromised.
- Searching across misconfigured archives and file stores. If employees do not archive their emails in a secure manner, then this is more likely to happen.
“With declining barriers to entry for BEC, and more ways to monetize this type of fraud, we can expect the losses to continue to rise and perhaps even accelerate in the near term.”
Be sure to do all that you can to protect yourself from the newest methods of these cyber criminals. Keep your employees informed and aware. For more information on what you can do, click here.