BEC-as-a-service offers hacked business accounts for as little as $150
Graham Cluley reports:
New research has revealed that business email compromise is being made easier for any criminal to add to their arsenal.
Researchers at threat intelligence firm Digital Shadows report that companies don’t even need to be hacked to spill their address books and email archives. Careless backups of email archives on publicly-accessible rsync, FTP, SMB, S3 buckets, and NAS drives have exposed some 12.5 million archive files (.eml, .msg, .pst, .ost, .mbox) containing sensitive and financial information.
The researchers found over 50,000 email files that contained terms such as “invoice”, “payment”, or “purchase order” terms in misconfigured or unauthenticated file stores. In some cases, the email archives have even contained passport scans.
Read more on Graham Cluley.