The IT Law Wiki

E-mail account compromise

Definition

E-mail account compromise (EAC) is

a sophisticated scam that targets the general public and professionals associated with, but not limited to, financial and lending institutions, real estate companies, and law firms.[1]

Overview

"In EAC scams, criminal actors use social engineering or computer intrusion techniques to compromise the e-mail accounts of unsuspecting victims. In many cases, a criminal actor first gains access to a victim's legitimate e-mail address for reconnaissance purposes. The criminal actor then creates a spoofed e-mail account that closely resembles the legitimate account, but is slightly altered by adding, changing, or deleting a character. The spoofed e-mail address is designed to mimic the legitimate e-mail in a way that is not readily apparent to the targeted individual. The criminal actor then uses either the victim's legitimate e-mail or the spoofed e-mail address to initiate unauthorized wire transfers.

"In some cases, the funds from unauthorized wire transfers are directed to money mules located in the United States. In other instances, wire transfers are directed to accounts of financial institutions outside of the United States. [C]riminal actors are starting to follow up on wire transfer requests by calling to confirm the transactions or to comply with wire transfer protocols, thus making the transaction appear more legitimate."[2]

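The look-alike address pattern quoted above (a spoofed address made by adding, changing, or deleting one character) can be checked for on the receiving side. The following Python sketch is an added example, not part of the quoted source or of this wiki; the contact list, the sample sender addresses, and the function names are constructed for illustration.

```python
# Added illustration: flag sender addresses that differ from a known
# correspondent by one added, changed, or deleted character.

# Constructed sample data (assumption): addresses the recipient already trusts.
KNOWN_CONTACTS = {"j.smith@examplelaw.test", "closing@exampletitle.test"}


def within_one_edit(a: str, b: str) -> bool:
    """True if b differs from a by exactly one insert, delete or substitution."""
    if a == b or abs(len(a) - len(b)) > 1:
        return False
    if len(a) > len(b):
        a, b = b, a  # make a the shorter (or equal-length) string
    i = 0
    while i < len(a) and a[i] == b[i]:
        i += 1  # skip the common prefix
    if len(a) == len(b):
        return a[i + 1:] == b[i + 1:]  # one character changed
    return a[i:] == b[i + 1:]  # one character added to a gives b


def classify_sender(sender: str, known=KNOWN_CONTACTS):
    """Return ('known' | 'lookalike' | 'unknown', matched_contact_or_None)."""
    addr = sender.strip().lower()
    if addr in known:
        return "known", addr
    for contact in sorted(known):
        if within_one_edit(contact, addr):
            return "lookalike", contact
    return "unknown", None


if __name__ == "__main__":
    # Constructed senders: exact match, changed, added, deleted, unrelated.
    for s in ["J.Smith@examplelaw.test", "j.smith@examp1elaw.test",
              "closing@exampletitlee.test", "j.smth@examplelaw.test",
              "billing@othercorp.test"]:
        print(s, "->", classify_sender(s))
```

A "lookalike" result is a prompt to verify a wire transfer request through a separate channel; a "known" result does not clear the message, since the quoted text notes that the victim's legitimate account may itself be used.
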
References

  1. E-mail Account Compromise.
  2. Id.