Light Dark
October 3, 2019 By David Bisson 2 min read

The Silent Starling cybercriminal group is conducting vendor email compromise attacks to target unsuspecting customers.

In its analysis of the group and its three main threat actors, Agari observed Silent Starling conducting vendor email compromise attacks by sending phishing messages to vendors and suppliers. The group used those emails to trick recipients into divulging passwords that would enable the attackers to access the targeted email account. Once in control, Silent Starling set up a forwarding rule so that it would receive copies of all emails sent to that account.

Agari noted that Silent Starling set itself apart from other business email compromise (BEC) groups by waiting, sometimes as long as months, to observe emails exchanged on the compromised account, gather information and formulate a strategy. When they were ready, the criminals used the compromised account to send an invoice to one of the victim vendor’s customers. That message used modified banking details to trick the customer into sending payment to an attacker-controlled bank account.

The Rise (and Fall) of BEC Scammers

The costs associated with BEC scams are at an all-time high. In September 2019, the FBI’s Internet Crime Complaint Center (IC3) revealed that global losses stemming from BEC scams cost approximately 160,000 victims more than $26 billion in damages between June 2016 and July 2019.

It’s no wonder the FBI has stepped up its efforts to bring BEC scammers to justice. One big crackdown came in June 2018 when the Department of Justice arrested 74 alleged fraudsters, including 42 U.S. residents, for targeting hundreds of individuals with BEC scams. Even so, that takedown paled in comparison to Operation reWired, during which the FBI arrested 281 individuals involved with an international BEC scheme.

Help Defend Against Vendor Email Compromise

Security professionals can help defend against vendor email compromise attacks by creating a security awareness program and developing a security culture that’s unique to the organization. Companies should also seek to leverage partnerships and third-party services, including phishing intelligence feeds that integrate with security information and event management (SIEM), to stay on top of the latest email threat campaigns.

 |  |  |  |  |  | 
David Bisson
Contributing Editor

More from

July 26, 2024

test img

8 min read - What is Lorem Ipsum? Lorem Ipsum is simply dummy text of the printing and typesetting industry. Lorem Ipsum has been the industry's standard dummy text ever since the 1500s, when an unknown printer took a galley of type and scrambled it to make a type specimen book. It has survived not only five centuries, but also the leap into electronic typesetting, remaining essentially unchanged. It was popularised in the 1960s with the release of Letraset sheets containing Lorem Ipsum passages, and…

July 26, 2024

img test

7 min read - test imgWhat is Lorem Ipsum? Lorem Ipsum is simply dummy text of the printing and typesetting industry. Lorem Ipsum has been the industry's standard dummy text ever since the 1500s, when an unknown printer took a galley of type and scrambled it to make a type specimen book. It has survived not only five centuries, but also the leap into electronic typesetting, remaining essentially unchanged. It was popularised in the 1960s with the release of Letraset sheets containing Lorem Ipsum passages,…

Topic updates

 Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today
© 2024 IBM Contact Privacy Terms of use Accessibility Cookie Preferences
Sponsored by si-icon-eightbarfeature