Joseph Imperato, Sr., Partner, XSolutions
A recent ZDNet Security post describes a dastardly attack vector allowing scammers to produce exact replicas of expected invoices that, if paid, will funnel sizeable cash balances into criminal bank accounts.
Here’s how they do it:
- Using phishing attacks against vendor companies, hackers acquire the email login credentials of billing department personnel.
- After acquiring the credentials, the scammer sets up a redirect, forwarding copies of all emails to a criminally-controlled mailbox.
- The hacker then monitors the email traffic, learning the exact nature of specific company/vendor relationships, the timing of invoices, average amounts and the layout of notification emails, and copying invoice templates.
- Once they know enough, the scammer then creates exact replicas of an invoice, mimics the format of vendor emails and sends it to a company that would be expecting such a bill.
- The only difference in the invoices is the bank account information. Targeted Finance Department personnel make the change to the new bank and send payment.
- Only when the victim receives an inquiry from the legitimate vendor is the scam uncovered.
What to do:
- Make sure everyone in your Finance Department is aware of this type of scam.
- Place a secondary check on all significant outgoing payments.
- Verify, directly with your vendor, any changes in payment processing.
- DO NOT call the vendor from the telephone number on the invoice when a change is detected; always use the official number in your records or from their official website.
- Periodically review email rules and look for emails being forwarded to unknown addresses.
- Where available, use multifactor authentication on email accounts to prevent someone from accessing them from the outside.
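The rule-review step above can be automated. The following is an added example (not from the original post) that flags mailbox rules forwarding or redirecting mail outside the organisation; it assumes rule objects in the shape of the Microsoft Graph messageRule resource, a hypothetical list of owned domains, and constructed sample rules.

```python
from typing import Iterable

# Domains the organisation owns (hypothetical values for this example).
INTERNAL_DOMAINS = {"example.com", "corp.example.com"}

# Rule actions that send a copy of the mail elsewhere (Graph messageRule names).
FORWARDING_ACTIONS = ("forwardTo", "redirectTo", "forwardAsAttachmentTo")


def is_external(address: str, internal_domains=INTERNAL_DOMAINS) -> bool:
    """True if the address's domain is not one the organisation owns."""
    return address.rsplit("@", 1)[-1].lower() not in internal_domains


def suspicious_rules(mailbox: str, rules: Iterable[dict]) -> list[dict]:
    """Flag rules that forward or redirect mail to external addresses."""
    findings = []
    for rule in rules:
        actions = rule.get("actions", {})
        targets = [
            entry["emailAddress"]["address"]
            for action in FORWARDING_ACTIONS
            for entry in actions.get(action, [])
            if is_external(entry["emailAddress"]["address"])
        ]
        if targets:
            findings.append({
                "mailbox": mailbox,
                "rule": rule.get("displayName", "<unnamed>"),
                "targets": targets,
                # A forward combined with delete/move hides the copy from the user.
                "hides_copy": bool(actions.get("delete") or actions.get("moveToFolder")),
                "enabled": rule.get("isEnabled", True),
            })
    return findings


# Constructed sample: an internal copy (benign), an external redirect that also
# deletes the message (the pattern described above), and a disabled external forward.
SAMPLE_RULES = [
    {"displayName": "Copy to AP team", "isEnabled": True,
     "actions": {"forwardTo": [{"emailAddress": {"address": "ap-team@example.com"}}]}},
    {"displayName": ".", "isEnabled": True,
     "actions": {"redirectTo": [{"emailAddress": {"address": "watch@mail-drop.invalid"}}],
                 "delete": True}},
    {"displayName": "Old vendor", "isEnabled": False,
     "actions": {"forwardAsAttachmentTo": [{"emailAddress": {"address": "x@other.test"}}]}},
]

if __name__ == "__main__":
    for finding in suspicious_rules("billing@example.com", SAMPLE_RULES):
        print(finding)
```

Run it over rules exported per mailbox and review every finding, giving priority to enabled rules with `hides_copy` set.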