Saturday, September 26, 2020

Business Email Compromise

Some of you who receive this type of email are confused about why it was sent to you. You don't have a payroll, and you aren't in charge of invoices. So why did you get it?

Business Email Compromise (BEC) is a type of scam that attempts to gain logins to networks and computers or, if the scammers are lucky, simply get the money sent to them. The FBI has a good write-up on this practice.

Here is what I received today (notice it looks like it is coming to and from the same person):

(The "split by alphabet" is the same link)

I checked, and Foley Law Firm does not have an office in Taiwan, which is where this domain is registered (drv.tw).

Looks like I'm not the only one who received this.  It's been scanned before.  And the verdict is malicious.  

Here is the landing page, if you clicked on the link.  

This is a login form commonly found in Microsoft Exchange. Here the would-be bad guys are attempting to gather the email/domain and password needed to access the Foley Law Firm. Once that is obtained, they could possibly then pivot into the rest of the company. This is why this is known as a BEC - Business Email Compromise. This one probably would have been recognized as such. It's just interesting why it showed up in my inbox. The first thought may be to click and find out what they could possibly want with me - which is why you always need to have those second thoughts!
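
The two indicators noted in this post, a message that looks like it is coming to and from the same person and a link whose host does not belong to the organisation it claims to come from, can be checked with a short triage function. This is an added example, not part of the original post; the sample message, the addresses and the trusted-domain list are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import getaddresses
from urllib.parse import urlparse

# Constructed sample message (placeholder addresses and path, not the real email).
SAMPLE = """\
From: Pat Example <pat@example.com>
To: pat@example.com
Subject: Document shared with you
Content-Type: text/html; charset="utf-8"

<a href="https://drv.tw/placeholder/path">View A-M</a>
<a href="https://drv.tw/placeholder/path">View N-Z</a>
"""

HREF_RE = re.compile(r'href=["\'](https?://[^"\']+)["\']', re.IGNORECASE)

def addresses(msg, header):
    """Return the lower-cased email addresses found in one header."""
    return {addr.lower() for _, addr in getaddresses(msg.get_all(header, [])) if addr}

def link_hosts(msg):
    """Collect the hostnames of every http(s) link in the text parts."""
    hosts = set()
    for part in msg.walk():
        if part.get_content_maintype() != "text":
            continue
        payload = part.get_payload(decode=True) or b""
        text = payload.decode(part.get_content_charset() or "utf-8", "replace")
        hosts.update(urlparse(url).hostname for url in HREF_RE.findall(text))
    return {h.lower() for h in hosts if h}

def triage(raw, trusted_domains):
    """Flag a self-addressed message and links that leave the trusted domains."""
    msg = message_from_string(raw)
    findings = []
    if addresses(msg, "From") & addresses(msg, "To"):
        findings.append("sender address also appears as recipient")
    for host in sorted(link_hosts(msg)):
        if not any(host == d or host.endswith("." + d) for d in trusted_domains):
            findings.append(f"link host outside trusted domains: {host}")
    return findings

if __name__ == "__main__":
    for finding in triage(SAMPLE, {"example.com"}):
        print(finding)
```

Both links in the sample resolve to the same host, so it is reported once, which mirrors the "split by alphabet" links in the email pointing to the same place.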