Business Email Compromise (BEC) scammers switch from emails to SMS

• Scammers are adopting SMS as a communication platform for Business Email Compromise (BEC) attacks as mobile devices are easier to facilitate attacks.
• In order to do this, BEC mobile scammers are using temporary US-based phone numbers and are utilizing services such as Google Voice to perform multiple attacks from the same US number.

What is the issue - Scammers are adopting SMS as a communication platform for BEC attacks as mobile devices are easier to facilitate attacks.

How does this work?

• Email security firm Agari noted that this new BEC attacks leveraging SMS begin with regular phishing emails sent to the targeted victims pretending to be from the CEO or senior staff.
• They then request the victims to send their phone numbers so that the scammer can send information on a task they need to be taken care of.
• Once victims respond back with their phone numbers, these scammers switch to SMS messages from emails.
• In order to do this, BEC mobile scammers are using temporary US-based phone numbers and are utilizing services such as Google Voice to perform multiple attacks from the same US number.

“Having access to a US number also enables the actor to create a Google Voice number, which still prove to be extremely popular with non-US based cyber-gangs. Features such as being able to create personalized greetings that can be assigned to specific callers makes the use of multiple personas easy to manage,” researchers explained in a blog.

Worth noting

• Using such features, these scammers can send and receive messages directly from a computer via a desktop web site and perform attacks against multiple targets.
• These scammers can also keep a track of what has been said by recording voice calls and voicemails.

The big picture

• Once the victims send their phone numbers, these scammers start communicating with them via SMS.
• These scammers impersonate the CEO and ask victims to purchase gift cards and send the scratched off codes back to them via text.
• Once the victims send the redemption codes, these scammers quickly convert them into bitcoin using online marketplaces like Paxful.

How to stay protected?

• To stay protected from such attacks it is important for organizations to train their employees on how to react for emails/SMS that request any sort of financial task.
• It always best to ensure the sender’s email address and confirm directly with the sender in person or via phone call regarding the email.