. https://www.agari.com/email-security-blog/bec-goes-mobile/
blog article
Business email compromise (BEC) is a term that encompasses a variety of techniques and tactics that cybercriminals leverage to obtain money or data via identity deception. Despite the evolution and repurposing of this suite of associated tactics, one constant has remained throughout—the correspondence between scammer and victim is done, almost without exception, over email. This foundational conduit between attacker and victim has also now become the focus of evolution, with actors increasingly looking to transfer potential victims from email over to SMS, as mobile devices make it easier to facilitate attacks. Like most BEC attacks, these new types of campaigns are initiated with an email sent to a prospective victim that is written to elicit a response. The only difference is that the scammer includes a request for the recipient’s cell phone number. By moving them over to their cell phone, the scammer is equipping their victim with all the functionality needed to complete the task that is to be given to them. A mobile device offers instant and direct messaging, the ability (in most cases) to still access email, the ability to take pictures with the phone’s camera, and far greater portability than a laptop, which all increases the chances that the scammer will be successful in achieving their desired outcome once a victim is on the hook READ MORE