A new phishing tool, which bypasses MFA, is causing a spike in BEC cases
QBE’s claims team and S-RM’s Incident Response team have recently observed a significant increase in the number of Business Email Compromise (‘BEC’) cases ending in attempted payment fraud.
Most of the cases we have worked on appear to be linked to a global phishing campaign using a new tool – called EvilProxy – used to bypass most forms of multi-factor authentication (‘MFA’) and compromise user accounts.