Business Email Compromise (BEC)
,
Fraud Management & Cybercrime
,
Fraud Risk Management
STG Logistics CISO on BEC Compromise, AI and Web Scraping
Business email compromise is still one of the most active and costly forms of cybercrime. Using phishing and social engineering, threat actors abuse employee’s trust and familiarity with certain tools or sites as an entry point.
See Also: OnDemand | 2024 Phishing Insights: What 11.9 Million User Behaviors Reveal About Your Risk
But scammers aren’t just submitting fake invoices and spoofing emails. They are also scraping websites, mirroring login portals and using compromised customer and vendor accounts to launch fraud campaigns. With the proliferation of artificial intelligence tools and deepfake technologies, organizations are struggling to distinguish real requests from fake ones.
“BEC is now so well-crafted that you’re very easily fooled,” said Scott Fitzgerald, CISO at STG Logistics. “We see websites being scraped to look like ours, fake invoices, fake truck driver information. All these things are designed for theft, but more than that, they’re also designed to get into your company and steal your information.”
In this video interview with Information Security Media Group at the Fraud and Financial Services Summit in New York, Fitzgerald discussed:
- The continued evolution of BEC compromise;
- AI tools from a defensive and offensive standpoint;
- How a strong security-aware culture helps organizations respond to incidents.
Fitzgerald is a certified CISO, CISSP and data privacy solutions engineer with more than 25 years of experience leading teams in multiple industry verticals including healthcare, logistics and transportation, state and local government, and other highly regulated industries. He has led information security vision, strategy, program and operations in corporations ranging from $2.1 billion to $5.5 billion in revenues – enabling business through strategic alignment of information security and enterprise objectives, and maintaining a highly secure profile.
Credit: Source link
