1. Sales & Marketing
  2. Finances
  3. Your Team
  4. Technology
  5. Social Media
  6. Security
We are here for your business - COVID-19 resources >
Product and service reviews are conducted independently by our editorial team, but we sometimes make money when you click on links. Learn more.
Grow Your Business Sales & Marketing

Email Scam Targets Executives: How to Protect Yourself

image for A new email scam is targeting CEO and trying to get them to pay fake invoices. / Credit: Phishing image via  Shutterstock
A new email scam is targeting CEO and trying to get them to pay fake invoices. / Credit: Phishing image via Shutterstock

A new email scam is targeting high-level executives at medium and large organizations. The malicious emails ask for payment on outstanding invoices, but executives who pay up are really sending company dollars straight to the pockets of cybercriminals.

Discovered by cybercrime protection firm https://www.businessnewsdaily.com]

PhishLabs noted some key characteristics of the scam:

  • The email was sent to corporate executives.
  • The email sender impersonates an executive at another company.
  • The spoofed sender info uses look-alike domain names that closely resemble the corporate domain names of the organization being impersonated.
  • The spoofed sender appears to be with an actual reseller or distributor with a pre-existing corporate relationship with the targeted organization.
  • The body of the email instructs the target to pay all new or outstanding invoices via wire transfer to a new bank account.
  • Attached to the email is a PDF containing wire-transfer instructions, including a bank name and account number.

One of the reasons the new email scam is so dangerous is that the scammers aren't sending spoofed invoices that can be identified as fakes, Don Jackson, PhishLabs' director of threat intelligence, explained in a company blog post. Rather, the attackers are counting on the fact that the accounts payable departments at the targeted companies will have actual unpaid invoices from the companies being spoofed.

[For a side-by-side comparison of the best antivirus software, visit our sister site Business.com.]

Jackson also noted that the spoofed email messages sent to company executives even contain fake "original messages." In other words, the fraudsters are attempting to make it seem as though they have had previous contact with the organizations they're trying to scam. These "original messages" are back-dated so that the email conversation appears to be several days old, and they include information detailing the proposed transfer of funds to the fraudsters' account.

https://www.businessnewsdaily.com also create fake email addresses using the real names of executives at the companies they choose to impersonate. PhishLabs found that the perpetrators of this vicious scheme are most likely getting the information needed to spoof email addresses and craft convincing emails from data on professional networking sites.

PhishLabs recommended that companies take the following steps to reduce their risk of falling victim to this new cyberattack:

  • Implement filtering for messages that match the known patterns detailed above.
  • Educate finance-department personnel on the characteristics of this scam.
  • Require validation of new banking information with trusted accounting contacts at suppliers, distributors and resellers before authorizing the transfer of funds.
  • Share information and samples with security and fraud contacts.
Business News Daily Editor

Business News Daily was founded in 2010 as a resource for small business owners at all stages of their entrepreneurial journey. Our site is focused exclusively on giving small business advice, tutorials and insider insights. Business News Daily is owned by Business.com.