Scammers Exploit Turkey Coup Attempt with Timely Business Email Compromise (BEC) Lures

Share with your network!

It’s nothing new that attackers and scammers use popular events and national or regional crisis situations as lures to get victims to fall for their schemes. Tactics range from obtaining money as a fake charity, credential phishing or even malware downloads if victims click on the URL. However, attackers are now combining tactics from a number of different threats in order to try and increase their rate of success.

Using the recent unrest in Turkey and the ongoing instability, attackers have been employing business email compromise (BEC) tactics to try and extract money from unsuspecting victims. Proofpoint has seen organisations receiving email claiming to be from a high-ranking internal executive who is trapped in Turkey and needs funds to travel home.

As with other BEC or impostor email, this fraudulent email provides all the details needed to wire money, but contains no URL link or attachment, making the detection and prevention of this type of email threat a difficult proposition. We stopped these campaigns before they reached their intended victims across APAC, EMEA and North America.

BEC attacks are sent in very low volume and rely on careful research and targeting to identify their victims. This new campaign seems to follow the same process. For tips on how to combat the BEC threat, please visit