Collection of financial data: Targeted attempts to extract sensitive financial information, such as pending payment details and contact information.
Un-CODE-ing the Threat: How Punycode Powers the Latest BEC Attacks
Decoding the latest BEC tactic bypassing traditional SEGs.
What is the attack?
Executive Impersonation: Emails impersonated high-ranking executives, including the CEO and President, to increase credibility.
Exploitation of Authority: The attack leveraged the human tendency to comply with perceived authority figures, encouraging victims to act without question.
Why did it get through?
Verified Source: The email was sent from a domain that passed sender authentication checks.
Punycode Domains: The emails used the impersonated names of the company's CEO and CFO and look-alike domains built with Punycode, such as hìghpressure[.]com and exxonmbÃl[.]com.
Benign content: The absence of malicious links or attachments allowed the email to bypass traditional security measures.
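The following is an added example, not code from the original brief or from Abnormal, showing one way a mail filter could flag a Punycode look-alike sender domain even when sender authentication passes. The protected-domain list, the assumed legitimate counterpart highpressure.com, and all function names are assumptions made for illustration.

```python
import unicodedata

# Assumption: the domains this organization wants to protect from impersonation.
PROTECTED = {"highpressure.com"}

def to_unicode(domain: str) -> str:
    """Decode xn-- (Punycode) labels so the domain reads as a recipient sees it."""
    labels = []
    for label in domain.lower().rstrip(".").split("."):
        if label.startswith("xn--"):
            try:
                label = label[4:].encode("ascii").decode("punycode")
            except ValueError:  # UnicodeError is a ValueError subclass
                pass            # malformed label: keep the raw ASCII form
        labels.append(label)
    return ".".join(labels)

def skeleton(domain: str) -> str:
    """Fold accented letters to their base letter (for example ì -> i) via NFKD."""
    decomposed = unicodedata.normalize("NFKD", domain)
    return "".join(c for c in decomposed if not unicodedata.combining(c)).lower()

def lookalike_of(sender_domain: str, protected=PROTECTED):
    """Return the protected domain being imitated, or None if there is no match."""
    shown = to_unicode(sender_domain)
    if shown in protected:
        return None  # the genuine domain, not an imitation
    folded = skeleton(shown)
    return folded if folded in protected else None

if __name__ == "__main__":
    # Constructed inputs: the look-alike from the brief in Unicode form and in
    # its ASCII (xn--) wire form, plus the assumed genuine domain.
    unicode_form = "hìghpressure.com"
    ascii_form = unicode_form.encode("idna").decode("ascii")
    for sender in (unicode_form, ascii_form, "highpressure.com"):
        print(f"{sender!r}: imitates {lookalike_of(sender)!r}")
```

This folds accents only; look-alikes built from other scripts, such as Cyrillic letters that resemble Latin ones, need a confusables mapping in addition to NFKD.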
What is required to solve for this attack?
Behavioral Analysis: Abnormal's Human Behavioral AI detects deviations from normal communication patterns, like unusual AR requests from high-ranking officials.
Content Analysis and Natural Language Processing: Abnormal understands the email's content, recognizing the urgency and financial implications as indicators of a financially themed attack.