Business Text Compromise (BTC)
Targets executives or finance teams with the intent to defraud companies.
Just like it’s annoying cousin, Business Email Compromise (BEC) BTC attacks will request information, funds to be sent, or wire transfer through a SMS or Text message. The cybercriminal will impersonate a trusted vendor or company executive and targets new employees who might know company processes yet or employees who access to bank information, like accounts payable or finance.
While BEC is deliver through email, cybercriminals are having success with this type of scam through SMS text messaging so it’s earned the name Business Text Compromise or BTC. Some sample subject lines include urgent, request for payment, and transfer.Some of the same categories of BEC scams are also present in BTC including:CEO or CFO Fraud: When a cybercriminal poses as the CEO or other executive and asks employees to complete a money transfer or send gift cards.Account Take Over: When an employee’s account has been hacked and used to request payments using email contacts and sent from the legitimate email address. Then payments are sent to cybercriminal’s bank accounts instead of the actual vendor.Vendor Impersonation- Vendors are often the target of these attacks, where cybercriminals impersonate vendors requesting fund transfers for payments to an account owned by cybercriminals.IRS Impersonation- Cybercriminals impersonating a lawyer asking for fraudulent requests to gather confidential information.
SlashNext Blog | Business Emai Compromise BEC
Today, while man-in-the-middle (MiTM) attacks are still a big concern, the security endpoint has changed to the browser, creating a MiTB phishing threat that poses real danger.
In recent years phishing has become the number one threat action over malware. Recent workforce changes spurred by the pandemic has led to an exponential increase in phishing attacks.
Just how prevalent are these phishing callbacks and C2 infections? In every client install we perform – 100 percent! – we see C2 infections and callbacks. Are you compromised?
In 2020 phishing exploded as the world faced a 100-year pandemic and many people moved to remote working and learning, which changed the phishing threat landscape forever.
It’s Time to Get Started with SlashNext
Learn how to leverage the industry’s best zero-hour phishing protection and IR solutions in your environment.
6701 Koll Center Parkway, Suite 250
Pleasanton CA 94566
© All Rights Reserved, SlashNext, Inc.