Jul 5, 2022

Threat actors increasingly use third parties to run their email scams

Cloud Email Security vendor Abnormal Security released new research that showcases a rising trend in financial supply chain compromise as threat actors impersonate vendors more than ever before.

Business Email Compromise (BEC) attacks rely upon the ability to impersonate somebody within an organization or a trusted external partner, and is usually targeted directly at an individual or small group of users. It seems as organizations and security vendors work to protect against common types of phishing scams, cybercriminals always seem to stay one step ahead by adapting their tactics to get around established security controls.

Financial supply chain compromise is one further step - a subset of business email compromise in which cybercriminals take advantage of known or unknown third-party relationships to launch sophisticated attacks. The goal is to use the legitimacy of the vendor or supplier name to trick an unsuspecting employee into paying a fraudulent invoice, changing billing account details, or providing insight into other customers to target.