BEC, business email compromise, has caused great loss globally.
According to securityweek.com, a Nigerian man was sentenced to 60 months in prison for his role in fraudulent business email compromise (BEC) scams.
The criminal, Onyekachi Emmanuel Opara, was charged for defrauding thousands of victims of more than $25 million.
Opara used a very common tactic to deceive the victims into believing the received information was from the supervisors or the third party vendors the companies did business with.
Opara and his co-defendant Adindu targeted victims worldwide, including the United States, the United Kingdom, Australia, Switzerland, Sweden, New Zealand, and Singapore.
Common tactics used by the deceivers include,
- Similar domain names with subtle difference. For example, 0rbitsun.com can be used to replace orbitsun.com. This is also call homoglyphs. In this example, zero is used to replace the letter o.
- Metadata modification. Making the sender look like someone you know by altering From header. From header is basically a free text. It can changed to any name. There are a few methods to correlate the domain name appearing in From header with the real domain name.
In both cases, the MTA (Mail Transfer Agent) will happily accept the email and deliver it into your mailbox. Even a person who has been trained to stay alerted, there is always a moment to become careless.
Mr. Post is designed to unveil these hidden facts and visualize them on user interface. Clicking Mr. Post makes recognizing email scam easily.
Don’t be the next fraud victim. Install Mr. Post on Microsoft AppSource at zero cost!