American venture capital firm Sequoia Capital has disclosed a data breach following what looks like a failed business email compromise (BEC) attack from January 20, 2021. An unauthorized third party gained remote access to the employee’s email mailbox of one VC firm, with the apparent aim of conducting a wired version scam. BEC fraudsters use a combination of social engineering, phishing, and hacking to compromise business email accounts with the end goal of redirecting payments to bank accounts under their control. The FBI warned US companies about scammers actively abusing email auto-forwarding rules.
Source: https://www.bleepingcomputer.com/news/security/vc-giant-sequoia-capital-discloses-data-breach-after-failed-bec-attack/