FBI Alerts: BEC Scammers are Posing as Construction Companies

This article has been indexed from E Hacking News – Latest Hacker News and IT Security News

 

The FBI has issued a warning to private sector enterprises about scammers masquerading construction companies in business email compromise (BEC) cyberattacks targeting firms in a variety of critical infrastructure sectors across the United States. 
BEC scammers utilize a variety of techniques (such as social engineering and phishing) to hijack or spoof business email accounts in order to redirect pending or future payments to bank accounts under their control. 
The alert was delivered to enterprises today via a TLP:GREEN Private Industry Notification (PIN) to assist cybersecurity professionals in defending against these ongoing threats. 
The instances are part of a BEC campaign that began in March 2021 and has already resulted in monetary losses ranging from hundreds of thousands of dollars to millions of dollars. 
The scammers use data collected from web services about the construction companies they spoof and the customers they’re targeting to successfully carry out these BEC attacks. Local and state government budget data portals, as well as subscription-based construction sector data aggregators, are used to gather valuable data (e.g., contact information, bid data, and project prices). 
The attackers can modify emails to undermine the victim’s business relationship with the construction contractors using the information they’ve gathered. The scammers send emails urging the victims to update their direct deposit account and automated clearing house (ACH) information to mak

[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.

Read the original article: FBI Alerts: BEC Scammers are Posing as Construction Companies

Liked it? Take a second to support IT Security News on Patreon!
Become a patron at Patreon!