Security Alert: Finance Departments Need To Be Super Vigilant

October 10, 2019

Joseph Imperato, Sr., Partner, XSolutions

A recent ZDNet Security post describes a dastardly attack vector allowing scammers to produce exact replicas of expected invoices that, if paid, will funnel sizeable cash balances into criminal bank accounts.

Here’s how they do it:

  • Using phishing attacks against vendor companies, hackers acquire the email login credentials of billing department personnel.
  • After acquiring the credentials, the scammer sets up a redirect, forwarding copies of all emails to a criminally controlled mailbox.
  • The hacker then monitors the email traffic, getting to know the exact nature of specific company/vendor relationships, the timing of invoices, average amounts, and the layout of notification emails, and copying invoice templates.
  • Once they know enough, the scammer creates an exact replica of an invoice, mimics the format of the vendor's emails, and sends it to a company that would be expecting such a bill.
  • The only difference in the invoice is the bank account information. Targeted Finance Department personnel make the change to the new bank and send payment.
  • Only when the victim receives an inquiry from the legitimate vendor is the scam uncovered.

What to do:

  1. Make sure everyone in your Finance Department is aware of this type of scam.
  2. Place a secondary check on all significant outgoing payments.
  3. Verify, directly with your vendor, any changes in payment processing.
  4. DO NOT call the vendor from the telephone number on the invoice when a change is detected; always use the official number in your records or from their official website.
  5. Periodically review email rules and look for emails being forwarded to unknown addresses.
  6. Where available, use multifactor authentication on email accounts to prevent someone from accessing them from the outside.
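One way to carry out the rule review in step 5, as an added example that is not part of the original post: the script below scans an exported list of mailbox inbox rules and flags any rule that forwards or redirects mail outside the organisation, noting whether the rule also deletes or files the message (a common way of hiding the forwarded copy from the mailbox owner) and whether its name is blank or a single character. The record shape, the `example.com` internal domain and the sample rules are constructed assumptions, loosely modelled on the Microsoft Graph `messageRule` resource; adapt `extract_targets` to whatever your mail platform exports.

```python
"""Audit exported inbox rules for forwarding/redirecting to external addresses.

Added example, not code from the original post. The rule dictionaries are a
constructed sample; their shape (displayName, isEnabled, actions.forwardTo /
redirectTo / forwardAsAttachmentTo, actions.delete, actions.moveToFolder) is
an assumption loosely modelled on Microsoft Graph's messageRule resource.
"""
from dataclasses import dataclass

# Assumption: the organisation's own mail domains.
INTERNAL_DOMAINS = {"example.com"}

# Rule actions that send a copy of the message somewhere else.
FORWARD_KEYS = ("forwardTo", "forwardAsAttachmentTo", "redirectTo")

# Constructed sample export covering three mailboxes.
SAMPLE_RULES = [
    {"mailbox": "ap@example.com", "displayName": "Move newsletters",
     "isEnabled": True,
     "actions": {"moveToFolder": "Newsletters"}},
    {"mailbox": "ap@example.com", "displayName": ".",
     "isEnabled": True,
     "actions": {"forwardTo": [{"emailAddress": {"address": "ap.backup@example.net"}}],
                 "delete": True}},
    {"mailbox": "billing@example.com", "displayName": "Copy to manager",
     "isEnabled": True,
     "actions": {"forwardTo": [{"emailAddress": {"address": "manager@example.com"}}]}},
    {"mailbox": "cfo@example.com", "displayName": "old rule",
     "isEnabled": False,
     "actions": {"redirectTo": [{"emailAddress": {"address": "someone@example.org"}}]}},
]


@dataclass
class Finding:
    mailbox: str
    rule_name: str
    external_targets: list[str]
    hides_mail: bool      # rule also deletes or files the message
    terse_name: bool      # blank or one-character rule name
    enabled: bool


def extract_targets(rule: dict) -> list[str]:
    """Collect every address the rule forwards or redirects to."""
    targets = []
    actions = rule.get("actions", {})
    for key in FORWARD_KEYS:
        for recipient in actions.get(key, []) or []:
            address = recipient.get("emailAddress", {}).get("address", "")
            if address:
                targets.append(address.lower())
    return targets


def is_external(address: str, internal_domains=INTERNAL_DOMAINS) -> bool:
    """True when the address's domain is not one of our own."""
    domain = address.rsplit("@", 1)[-1].lower()
    return domain not in internal_domains


def audit_rules(rules, internal_domains=INTERNAL_DOMAINS) -> list[Finding]:
    """Return one Finding per rule that sends mail to an external address.

    Disabled rules are still reported: an attacker can re-enable them later,
    and they show that the mailbox was tampered with.
    """
    findings = []
    for rule in rules:
        external = [t for t in extract_targets(rule) if is_external(t, internal_domains)]
        if not external:
            continue
        actions = rule.get("actions", {})
        name = rule.get("displayName", "")
        findings.append(Finding(
            mailbox=rule["mailbox"],
            rule_name=name,
            external_targets=external,
            hides_mail=bool(actions.get("delete")) or bool(actions.get("moveToFolder")),
            terse_name=len(name.strip()) <= 1,
            enabled=bool(rule.get("isEnabled")),
        ))
    return findings


if __name__ == "__main__":
    for f in audit_rules(SAMPLE_RULES):
        state = "ENABLED" if f.enabled else "disabled"
        flags = []
        if f.hides_mail:
            flags.append("hides forwarded mail")
        if f.terse_name:
            flags.append("terse rule name")
        print(f"{f.mailbox}: rule {f.rule_name!r} ({state}) -> "
              f"{', '.join(f.external_targets)} {flags}")
```

Run it against a real export by replacing `SAMPLE_RULES` with the rules pulled from your mail platform's admin API; any finding that is enabled, hides mail, or has a terse name deserves an immediate conversation with the mailbox owner and a credential reset.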

