A new email scam is targeting high-level executives at medium and large organizations. The malicious emails ask for payment on outstanding invoices, but executives who pay up are really sending company dollars straight to the pockets of cybercriminals.
Discovered by cybercrime protection firm PhishLabs, the new scam attempts to convince targets to wire funds to various accounts controlled by the criminals behind the scam. And these fraudsters are very sneaky, taking every possible measure to make their scam look legitimate.
PhishLabs noted some key characteristics of the scam:
- The email was sent to corporate executives.
- The email sender impersonates an executive at another company.
- The spoofed sender info uses look-alike domain names that closely resemble the corporate domain names of the organization being impersonated.
- The spoofed sender appears to be with an actual reseller or distributor with a pre-existing corporate relationship with the targeted organization.
- The body of the email instructs the target to pay all new or outstanding invoices via wire transfer to a new bank account.
- Attached to the email is a PDF containing wire-transfer instructions, including a bank name and account number.
One of the reasons the new email scam is so dangerous is that the scammers aren't sending spoofed invoices that can be identified as fakes, Don Jackson, PhishLabs' director of threat intelligence, explained in a company blog post. Rather, the attackers are counting on the fact that the accounts payable departments at the targeted companies will have actual unpaid invoices from the companies being spoofed.
Jackson also noted that the spoofed email messages sent to company executives even contain fake "original messages." In other words, the fraudsters are attempting to make it seem as though they have had previous contact with the organizations they're trying to scam. These "original messages" are back-dated so that the email conversation appears to be several days old, and they include information detailing the proposed transfer of funds to the fraudsters' account.
The scammers also create fake email addresses using the real names of executives at the companies they choose to impersonate. PhishLabs found that the perpetrators of this vicious scheme are most likely getting the information needed to spoof email addresses and craft convincing emails from data on professional networking sites.
PhishLabs recommended that companies take the following steps to reduce their risk of falling victim to this new cyberattack:
- Implement filtering for messages that match the known patterns detailed above.
- Educate finance-department personnel on the characteristics of this scam.
- Require validation of new banking information with trusted accounting contacts at suppliers, distributors and resellers before authorizing the transfer of funds.
- Share information and samples with security and fraud contacts.
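As an added example (not PhishLabs' code or part of the original article), a small Python triage filter for the first and third recommendations: it tags messages whose sender domain is a near match of a known partner domain, that ask for payment to a new account, that carry a PDF, or that quote a back-dated prior thread, and routes any banking change for out-of-band validation. The partner domain list, the two-edit threshold and the sample message are constructed assumptions.

```python
import re
from email.utils import parseaddr

# Constructed partner (supplier/reseller) domain list, an assumption for this example.
PARTNER_DOMAINS = {"acme-distribution.com", "globex.com"}
# Payment-redirection language typical of the scam described above.
WIRE_TERMS = re.compile(r"\b(wire[- ]transfer|new (bank )?account|"
                        r"updated (bank|banking|account) (details|information))\b", re.I)

def levenshtein(a, b):
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def lookalike_partner(domain):
    """Partner domain that `domain` imitates, or None; the 2-edit threshold is an assumption."""
    domain = ".".join(domain.lower().split(".")[-2:])  # registrable part only
    if domain in PARTNER_DOMAINS:
        return None
    label = domain.rpartition(".")[0]
    for partner in PARTNER_DOMAINS:
        if levenshtein(label, partner.rpartition(".")[0]) <= 2:
            return partner
    return None

def scam_indicators(msg):
    """msg: dict with 'from', 'subject', 'body', 'attachments'. Returns matched tags."""
    tags = []
    if lookalike_partner(parseaddr(msg.get("from", ""))[1].rpartition("@")[2]):
        tags.append("lookalike_domain")
    body = msg.get("body", "")
    if WIRE_TERMS.search(msg.get("subject", "") + "\n" + body):
        tags.append("wire_language")
    if any(a.lower().endswith(".pdf") for a in msg.get("attachments", [])):
        tags.append("pdf_attachment")
    if re.search(r"Original Message|^From: ", body, re.M):  # fake back-dated thread
        tags.append("quoted_thread")
    return tags

def needs_finance_hold(msg):
    """True when the sender imitates a partner or asks to change banking details."""
    return bool({"lookalike_domain", "wire_language"} & set(scam_indicators(msg)))

SAMPLE = {"from": "Jane Doe <jane.doe@acme-distributions.com>", "subject": "Invoices",  # constructed
          "body": "Pay all outstanding invoices via wire transfer to our new bank "
                  "account.\n\n-----Original Message-----\nFrom: Jane Doe",
          "attachments": ["wire_instructions.pdf"]}
```

A message held this way still needs a human to confirm the new account with a known contact at the supplier, by phone, before any wire is released.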