A threat actor has been sending thousands of emails to organizations, in what researchers warn is a reconnaissance campaign to identify targets for a possible follow-up business-email-compromise (BEC) attack. So far, researchers have observed thousands of messages being sent to companies, predominantly delivered to retail, telecommunications, healthcare, energy and manufacturing sectors. Of note, the campaign leverages Google’s Forms survey tool. This use of Google Forms by cybercriminals is not new and is routinely observed in credential phishing campaigns to bypass email security content filters. However, in this attack, the use of Google Forms may also prompt an ongoing dialogue between the email recipient and the attacker – setting them up as a victim for a future BEC trap, researchers say. “This hybrid campaign combines the benefits of scale and legitimacy by leveraging Google Services with social engineering attacks, more commonly associated with BEC,” according to Proofpoint researchers in a Wednesday analysis. The messages contain unique names of C-level executives from the target organizations, indicating that the cybercriminals have done their homework when it comes to pinpointing victims. The messages themselves are “simple but convey a sense of urgency,” said researchers – they ask the victim if they have a “quick moment” to carry out a task, as the purported sender is supposedly heading into a meeting or too busy to handle the task themselves, and point to a…
0 0 govanguard https://govanguard.com/wp-content/uploads/2018/04/Header_Logo.png govanguard2021-01-21 10:02:002021-01-21 10:02:00Google Forms Set Baseline For Widespread BEC Attacks
Our Standard Office Hours
Monday – Friday: 8:00AM – 5:00PM EDT
Saturday – Sunday: Closed
Where to Find Us
Data Privacy Notice
- – All product names, logos, and brands are property of their respective owners.
- – The use of these names, logos, and brands is for identification purposes only and does not imply endorsement.
- – Content syndication and aggregation of public information is solely for the purpose of identifying information security trends, all syndicated content contains source links to the content creator website. All content is owned by it’s respective content creators.
- – If you are an owner of some content and want it to be removed, please email firstname.lastname@example.org