I woke up early to join a webinar about the BEC aspect of the attack vector.
Unsurprising, the diversion of paying bills whether at a company or whatnot is still big. Office 365 is still big too when it comes to attacks.
For indivuals, they mentioned that some of these types of email we’ve talked about on our podcast series may now be coming in as direct images. Jaws could detect this and offer OCR, but i don’t know what NVDA offers in regards to this.
The good news is that the Nigeria 419 or advanced fee fraud is going down, but the bad news is that we could in fact see email in the form of an image which is attached.
This concerns me as I know Jaws can OCR these, but I don’t know what NVDA does.
The other thing is something we’ve talked about. They call these diversion schemes where they will now ask you if you have invoices to pay and when you’ll pay them. If you engage, you’ll be told to send it to another account.
This is why I tell you that if you know who your vendors are, you should be engaging with them, not someone who can impersonate them by using some type of account.
Free email providers are still part of the equasion where Hotmail, MSN and Outlook accounts could be used.
Before we go our spam solution in place, i was seeing tons of newer domains like .shop, .email, .today and possibly others. Since the spam solution, I’ve not gotten one over there, although there could be some false positives or things that slip through. There’s never going to be a 100 percent success rate in catching these types of things.
Once Fortra gets a recording, I’ll be sure to tape it and we’ll share it out through podcasts.
Thanks so much for reading, make it a great day! It was a great 45 minutes of my time, although the webinar was to only last a half hour.
More soon!
Discover more from Jared's Technology podcast network
Subscribe to get the latest posts sent to your email.