Date: 2021-11-21

AGI – Thousands of telephone and email contacts of high-profile personnel from hundreds of Italian and European private and public companies are for sale on the dark web and could be subject to fraud attempts or cyber attacks in the coming weeks. This is the result of an investigation by Yoroi, one of the major Italian cybersecurity companies, which AGI was able to preview. Cert Yoroi has identified 3,887 contacts of managers, working mainly in the banking and insurance sectors, on darknets. The risk, explains Yoroi, is that these contacts “become the target of so-called CEO-fraud”, scams in which cybercriminals manage to use the profiles of managers and CEOs to target other victims.

“The Cert Yoroi invites you to alert the staff of banks and insurance companies to unexpected emails, to verify their contacts and to respond carefully to unexpected phone calls, finally to report suspicious messages and requests to the internal security bodies of your company”. So reads a note from Yoroi, the information security company that identified the contacts of 3,887 managers of Italian and European companies for sale on the dark web. The dark web is the darker side of the deep web, the part of the web that is not indexed by search engines and is therefore inaccessible through those used by ordinary users, such as Google or Bing.

Email scams are on the rise and, according to the FBI, caused $1.8 billion in damage to businesses in 2020 alone, Yoroi explains. The sum is greater than the proceeds of ransomware-based ransom demands. Last August, thanks to Europol investigations, 23 suspects were indicted following a series of BEC scams carried out simultaneously in 20 countries – the Netherlands, Romania, Ireland and others – which defrauded dozens of companies of about 1 million euros.

Business Email Compromise (BEC) scams are a form of email fraud in which the cybercriminal “masquerades” as a manager or employee to trick the recipient into acting on an unexpected request, such as transferring money to an account different from the usual one. The scam leverages the authority of the alleged sender of the email and the urgency of the action, explains Yoroi.

In BEC scams, the cybercriminals “recommend that victims keep the communication received via email confidential, to communicate only by email and not to ask for other explanations on the phone”. “Therefore, attention must be paid to unusual and urgent requests made in imprecise Italian and coming from email addresses unknown or similar at first glance to the originals, to deceive the victims (for example with domains like tucompany.com instead of tuimpresa.it) or asking the recipient to reply to a different reply address”, Yoroi’s note explains.
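
The warning signs listed in the note (an unknown or lookalike sender domain, a different reply address, pressure to act urgently and in secret) can be checked mechanically on incoming mail. The sketch below is an added example, not code from Yoroi or AGI; the function names, the phrase list, the similarity threshold and the sample domains (on reserved test TLDs) are assumptions.

```python
from difflib import SequenceMatcher
from email import message_from_string
from email.utils import parseaddr

# Pressure phrases (assumed list) reflecting the urgency and secrecy the note describes.
PRESSURE_TERMS = ("urgent", "confidential", "only by email", "do not call")

def domain_of(header_value):
    """Return the lowercased domain of an address header, or '' if absent."""
    addr = parseaddr(header_value or "")[1]
    return addr.rpartition("@")[2].lower()

def looks_like(domain, trusted_domains, threshold=0.85):
    """True if domain is not trusted but its name (TLD removed) resembles a trusted one."""
    if not domain or domain in trusted_domains:
        return False
    name = domain.rpartition(".")[0]
    return any(
        SequenceMatcher(None, name, t.rpartition(".")[0]).ratio() >= threshold
        for t in trusted_domains
    )

def bec_indicators(raw_message, trusted_domains):
    """Return the list of BEC warning signs found in one RFC 5322 message."""
    msg = message_from_string(raw_message)
    sender, reply_to = domain_of(msg["From"]), domain_of(msg["Reply-To"])
    body = msg.get_payload().lower()  # assumes a single-part, plain-text message
    flags = []
    if looks_like(sender, trusted_domains):
        flags.append("lookalike-sender-domain")
    elif sender not in trusted_domains:
        flags.append("unknown-sender-domain")
    if reply_to and reply_to != sender:
        flags.append("reply-to-differs-from-sender")
    if any(term in body for term in PRESSURE_TERMS):
        flags.append("urgency-or-secrecy-wording")
    return flags

# Constructed sample message; all names and domains are made up (reserved TLDs).
SAMPLE = """From: "Chief Executive" <ceo@acme-bank.test>
Reply-To: ceo.office@mailbox.invalid
To: treasury@acme-bank.example
Subject: Payment today

This is urgent and confidential. Reply only by email, do not call me.
"""

if __name__ == "__main__":
    print(bec_indicators(SAMPLE, {"acme-bank.example"}))
```

A message that raises any of these flags is a candidate for the verification the note recommends: confirming the request through a known contact before acting on it.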