Targeted email attacks are becoming more frequent and sophisticated, according to researchers at cybersecurity firm Kaspersky.
The company claims that Business Email Compromise (BEC) has become a very popular method of attack among criminals. It revolves around impersonating an employee from the target company and initiating email correspondence with the victim. The end goal is always the same: to obtain sensitive data or even have the victim transfer the funds into the criminals’ accounts.
However, to ensure the success of these attacks, criminals need to profile their targets, a process that usually starts on social media. Attackers will try to obtain as many details about the target as possible, including the person's current position within the firm, usual connections, working hours, office locations and even holiday plans.
These methods are now enhanced with new technologies, Kaspersky claims. AI, for example, could be leveraged to create deepfake videos that could be used to “prove” the identity of the sender. Audio recordings could also be used to fake phone calls, requesting an urgent bank transfer, for instance.
“While doxing is generally believed to be an issue for regular users – we often see it figure in social media scandals – corporate doxing is a real threat for an organization’s confidential data and one that should not be overlooked,” said Roman Dedenok, Security Researcher at Kaspersky.
“The doxing of organizations, just as of people, may result in financial and reputational losses, and the more sensitive the confidential information extracted is, the higher the harm. At the same time, doxing is one of the threats that could be prevented or at least significantly minimized with strong security procedures within an organization.”
Kaspersky has advised organizations to educate their employees on the dangers of cybercrime, to enforce a rule never to discuss work-related issues with anyone outside official communications channels and to deploy state-of-the-art anti-spam and anti-phishing solutions.