2/03/2015

New Email Scam - Wire Transfer Requests from your own Co-Workers

The first new email scam we've seen this year has occurred with two of our clients so far. It's a wire transfer email scam, but what makes this one so dangerous is that the emails appear to be coming from your coworkers or even your managers. We found this CRN article and it turns out many businesses were hit with this at the end of 2014.
"Over a three month-period from October to December, a total of $179.7 million was bilked from nearly 1,200 victims using a tactic the FBI calls Business E-mail Compromise. Businesses that routinely make wire transfer payments are at the greatest risk of being targeted in an attack...
'Some phishing attacks target high-level business executives, compromising their email accounts to send a bogus message to an employee within the company responsible for processing requests. Attackers also have used hijacked email accounts from other employees to send bogus email messages requesting the fraudulent wire transfer,' the FBI said"
Since the emails come from a name and email address the victim commonly communicates with, they don't raise the usual red flags.
"'Fraudulent email requests for a wire transfer are well-worded, specific to the business being victimized, and do not raise suspicions to the legitimacy of the request,' the FBI said."
You may be thinking, "But I'm a small business, why would I be a target?"
"Victim organizations vary in size from small businesses with a few employees all the way up to large enterprises."
This new form of phishing is called "spear phishing" - when the email in question appears to be from an individual or business that you know.
"The spear phisher thrives on familiarity. He knows your name, your email address, and at least a little about you."
This scam also falls under "social engineering," which is defined as the "psychological manipulation of people into performing actions or divulging confidential information." This is a very helpful guide to recognizing "Social Engineering Red Flags" from KnowBe4.com (view the PDF).

https://www.baroan.com/images/stories/documents/SocialEngineeringRedFlags.pdf

In one of the instances we witnessed, the phishing email had used the exact email address of a client's employee but the client's domain name spelling was off by one letter. You may not notice details like that on first glance, but closer examination will reveal little details like that which are slightly off.

How can you avoid the scam?
  • Always verify wire transfers over the phone or in person.
  • Setup your email so any outside emails are tagged as "[EXTERNAL]" in the subject (This can be done by Baroan or your network admin.)
  • Study the Social Engineering Red Flags!