Business e-mail compromise is the new black

Being a realistic optimist, and after seeing the first ransomware attacks in 2015 (even though they originate from 1989), I predicted that this kind of family-wrecking exploit, where parents lose all their childhood pictures, would never die. Simply because it monetizes any computer, regardless of what is on it, on the correct assumption that there is always something of value stored on it. I did not foresee the recent development of ruthless attacks on municipalities, companies and schools. Even buying an entry point and then distributing the ransomware manually! Or what about infecting traffic cameras. And then the whole ecosystem called Ransomware as a Service.

And then there is BEC (Business E-mail compromise), also known as CEO Fraud.

What is BEC/CEO Fraud?
It is a targeted e-mail attack that tricks its victim into taking an action they should not take, by spoofing the CEO's e-mail address (or, just as often, by sending from a lookalike domain or from a mailbox the attackers have already compromised). If you think this is easy to spot, imagine an existing e-mail thread into which the attackers suddenly insert a spoofed reply demanding payment to a different bank account number:

BEC generates more than $10 billion in losses in the US and $26 billion worldwide for the criminals.
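The signals that give a thread-inserted BEC mail away are in the headers and body rather than in the sender's name: an executive's display name on an address outside the organisation's domain, a sender domain that is a confusable lookalike, a Reply-To that quietly diverts the conversation, and an urgent payment instruction appearing in an existing thread. The following Python is an added example written for this post (it is not the author's code, nor any vendor's). The organisation's domain `example.com`, the executive name `Jane Doe`, the keyword lists and both sample messages are assumptions constructed for illustration; the checks generalize to any display-name, lookalike-domain or Reply-To impersonation, not only the CEO case.

```python
"""Heuristic checks for the BEC / CEO-fraud patterns described above.

Added example, not code from the original post. ORG_DOMAIN, EXEC_NAMES and
the two sample messages are constructed for illustration.
"""
from email import message_from_string
from email.utils import parseaddr
import re

ORG_DOMAIN = "example.com"        # assumed: the organisation's real mail domain
EXEC_NAMES = {"jane doe"}         # assumed: display names an attacker would impersonate

# Confusable substitutions commonly used to build lookalike domains.
CONFUSABLES = [("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l"), ("3", "e"), ("5", "s")]

PAYMENT_WORDS = re.compile(
    r"\b(wire|bank|iban|account\s+number|invoice|payment|transfer)\b", re.I)
URGENCY_WORDS = re.compile(r"\b(urgent|asap|immediately|today|confidential)\b", re.I)


def normalize_domain(domain: str) -> str:
    """Fold confusables so 'exarnple.com' compares equal to 'example.com'."""
    d = domain.lower()
    for bad, good in CONFUSABLES:
        d = d.replace(bad, good)
    return d


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance; enough to catch one-character typo-squats."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def is_lookalike(domain: str) -> bool:
    """True when the domain is not ours but is confusable with ours."""
    if domain == ORG_DOMAIN:
        return False
    if normalize_domain(domain) == ORG_DOMAIN:
        return True
    return edit_distance(domain, ORG_DOMAIN) <= 1


def domain_of(addr: str) -> str:
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""


def bec_findings(raw: str) -> list:
    """Return human-readable findings for one RFC 5322 message (empty = clean)."""
    msg = message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    from_dom = domain_of(addr)
    findings = []

    # 1. Executive display name on an address that is not on our domain.
    if name.strip().lower() in EXEC_NAMES and from_dom != ORG_DOMAIN:
        findings.append(f"display name '{name}' used with external address {addr}")

    # 2. Sender domain is a lookalike of ours.
    if is_lookalike(from_dom):
        findings.append(f"lookalike sender domain {from_dom}")

    # 3. Replies are silently diverted to another domain.
    _, reply_addr = parseaddr(msg.get("Reply-To", ""))
    if reply_addr and domain_of(reply_addr) != from_dom:
        findings.append(f"Reply-To {reply_addr} differs from From domain {from_dom}")

    # 4. Urgent payment instruction inserted into an existing thread.
    body = msg.get_payload() if not msg.is_multipart() else ""
    in_thread = bool(msg.get("In-Reply-To") or msg.get("References"))
    if in_thread and PAYMENT_WORDS.search(body) and URGENCY_WORDS.search(body):
        findings.append("urgent payment instruction injected into an existing thread")

    return findings


# Constructed sample messages (not real traffic).
LEGIT_MAIL = """From: Jane Doe <jane.doe@example.com>
To: finance@example.com
Subject: Re: Q3 supplier invoices
In-Reply-To: <abc@example.com>

Thanks, approved as per the usual process.
"""

SPOOFED_MAIL = """From: Jane Doe <jane.doe@exarnple.com>
Reply-To: jane.doe@mail-relay.test
To: finance@example.com
Subject: Re: Q3 supplier invoices
In-Reply-To: <abc@example.com>
References: <abc@example.com>

Please process the wire transfer today to the new bank account below, it is urgent and confidential.
"""

if __name__ == "__main__":
    for label, mail in (("legit", LEGIT_MAIL), ("spoofed", SPOOFED_MAIL)):
        print(label, bec_findings(mail) or ["no findings"])
```

Run it and the legitimate reply produces no findings while the inserted mail triggers all four checks. The same checks belong in the mail gateway (DMARC alignment covers the pure spoof case; it does not cover lookalike domains or compromised mailboxes, which is why the display-name and Reply-To checks matter).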

The regular advice for countering the risk of BEC is to give your boss a call.
Now comes my prediction: this will be countered, at least once, by SIM swapping combined with deepfake audio/video.

What? Oh, really? The last part has already been done, just not yet in combination with SIM swapping.

*the picture is from the FBI website: