Ars Technica describes how businesses in 62 countries were targeted by a ‘Business Email Compromise’ attack that tricked CEOs and business leaders into transferring large sums of money to the attackers. One scam used imitative domains containing the word ‘office’ to mimic trusted parties. Another involved a fake Microsoft App which asked permission to access the victim’s accounts, using Covid-19 as a lure. Such attacks often go unrecognised, according to Microsoft, because there is no request for a password. The technique, known as ‘consent phishing’, may even get around two-factor authentication, says the news site. Instead users are advised to look for misspelled words, bad grammar or unusual word combinations.
'Consent phishing' attacks can defeat two-factor authentication. Sophisticated Office 365 account fraud revealed and closed down by Microsoft
We give innovators and regulators a forum in which to explore, debate and agree the best policies and regulatory frameworks for widest societal benefit.
Insight: Exchange: Influence
We give members a voice through conferences, symposiums and private meetings, as well as broad exposure of their differing viewpoints through articles, reports and interviews.
The new website will make it easier for you to gather fresh insights, exchange views with others and have a voice in the debateTake a look Learn more about our updates
You are seeing this because you are using a browser that is not supported. The International Institute of Communications website is built using modern technology and standards. We recommend upgrading your browser with one of the following to properly view our website:Windows
Please note that this is not an exhaustive list of browsers. We also do not intend to recommend a particular manufacturer's browser over another's; only to suggest upgrading to a browser version that is compliant with current standards to give you the best and most secure browsing experience.