Scams, Disinformation & Supply Chain Compromise
Now this might come as a shock to some of you but I’m not actually (as my LinkedIn profile currently says) Tony Stark! I know, shocking but it’s true. Why I’m experimenting with this will hopefully be apparent after reading this post (although this isn’t an explanation specifically). What I’m looking at is how deception is used from a range of perspectives from marketing, cybercrime and how we can use deception in a positive way, to actively defend ourselves from the cyber criminals! Read more “Can Cyber Deception be used as a force for good?”
Business email compromise can be a prelude to a range of attacks, but commonly it’s either ransomware or scammers. In this post we are focusing on scammer activity which uses a ‘man in the mailbox’ attack to get in between two parties in an email conversation, with the aim of attempting theft by fraudulently altering a wire transfer so that the third party sends funds to the scammers, not to the victim. There are clearly other avenues that can be leveraged (the compromised mailbox may be used to phish or email malware to another victim).
To gain access to the mailbox, a range of techniques can be employed, including:
- Credential stuffing
- Phishing and credential harvesting
Once they have your logon credentials, they will attempt to access your mailbox.
Avoiding Geo Location Alerts
A scammer may use a public VPN service (such as services from AVAST etc.) to move their internet connection to the target mailbox’s region. They can usually locate a person through some OSINT.
By moving to the user’s normal area, they are less likely to trip geo-location alerts. Read more “Business Email Compromise in Office 365”
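A geo-location alert on its own misses a sign-in that arrives through a VPN exit in the user's normal region, so a defender can also compare the network each sign-in comes from against that user's history. The following is an added example, not code from the original post; the field names, the VPN/hosting ASN list and every sample record are constructed assumptions rather than the schema of any real sign-in log.

```python
from collections import defaultdict

# Constructed sample data. ASNs come from the private-use range and IPs
# from documentation ranges; field names are hypothetical.
HISTORY = [
    {"user": "alice@example.com", "country": "GB", "asn": 64512, "ip": "192.0.2.10"},
    {"user": "alice@example.com", "country": "GB", "asn": 64513, "ip": "192.0.2.77"},
    {"user": "bob@example.com", "country": "US", "asn": 64520, "ip": "198.51.100.5"},
]
NEW_SIGNINS = [
    {"user": "alice@example.com", "country": "GB", "asn": 64512, "ip": "192.0.2.11"},
    {"user": "alice@example.com", "country": "GB", "asn": 64999, "ip": "203.0.113.8"},
    {"user": "bob@example.com", "country": "FR", "asn": 64530, "ip": "198.51.100.90"},
]
# Assumption: ASNs your organisation has tagged as consumer VPN or hosting.
ANON_ASNS = {64999}

def build_baseline(history):
    """Record the countries and networks each user has signed in from."""
    baseline = defaultdict(lambda: {"countries": set(), "asns": set()})
    for event in history:
        baseline[event["user"]]["countries"].add(event["country"])
        baseline[event["user"]]["asns"].add(event["asn"])
    return baseline

def classify(event, baseline, anon_asns):
    """Return the reasons a sign-in deserves review (empty list = normal)."""
    seen = baseline.get(event["user"])
    if seen is None:
        return ["no_baseline"]
    reasons = []
    if event["country"] not in seen["countries"]:
        reasons.append("new_country")  # the classic geo-location alert
    if event["asn"] not in seen["asns"]:
        reasons.append("new_network")  # still fires when the country matches
    if event["asn"] in anon_asns:
        reasons.append("vpn_or_hosting_network")
    return reasons

def review(signins, history, anon_asns=ANON_ASNS):
    """Return (user, ip, reasons) for every sign-in with at least one reason."""
    baseline = build_baseline(history)
    return [(e["user"], e["ip"], r) for e in signins
            if (r := classify(e, baseline, anon_asns))]

if __name__ == "__main__":
    for user, ip, reasons in review(NEW_SIGNINS, HISTORY):
        print(user, ip, ", ".join(reasons))
```

The second constructed sign-in matches the user's usual country, so a country-only rule would stay silent, but it is still surfaced because the network is new and tagged as VPN/hosting.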