BEC: Homoglyphs, Drop Accounts, and CEO Fraud
CCI: Cyber Crime Investigation. Another day, another email attack - something smells “phishy” in the network. *Slowly puts on sunglasses and flips up trench coat collar* Time to go to work.
Just how easy is it for someone to steal your credentials? Because once they’re stolen, and sold for pocket change, it’s open season. Homoglyphs, drop accounts, email forwarding… is it any wonder billions of dollars have been lost to BEC (business email compromise)?
Join hosts Nic Fillingham and Natalia Godyla for a fascinating conversation with Peter Anaman, Director and Principal Investigator of the CELA Digital Crimes Unit, as they unpack the cybercrime section of the Microsoft Digital Defense Report to see what these phishers are up to. Scott Christiansen joins us later in the show to recount his journey to security and his role as an Adjunct Professor for Bellevue University's Master of Science in Cybersecurity, along with some great advice for choosing security as a profession.
In This Episode, You Will Learn:
- The difference between consumer and enterprise phishing
- The types of people and professions that are usually targeted in cyber attacks
- How putting policies on backups and policies to protect the organization in place will help prevent digital crimes
- The four categories of the internet: the dark web, the surface web, the deep web, and the vetted web
Some Questions We Ask:
- What would an example of credential phishing look like?
- What is the end goal for phishers?
- How are phishing and business email compromise techniques leveraged during the pandemic?
- What patterns are being seen when it comes to credential phishing?
- How do you use ML to classify whether a bug is security-related or not?
Listen to: Afternoon Cyber Tea with Ann Johnson
Discover and follow other Microsoft podcasts at microsoft.com/podcasts
Security Unlocked is produced by Microsoft and distributed as part of The CyberWire Network.