Phishing. Manufacturers. Wire Transfers.
Updated: Oct 28, 2019
Phishing is a cyber attack that uses disguised email as a weapon. The goal is to trick the email recipient into believing that the message is something they want or need — a request from their bank, for instance, or a note from someone in their company — and to click a link or download an attachment.
What really distinguishes phishing is the form the message takes: the attackers masquerade as a trusted entity of some kind, such as a bank, a real or plausibly real person, or a vendor the victim does business with. It's one of the oldest types of cyber attack, dating back to the 1990s, and it's still one of the most widespread and damaging, with phishing messages and techniques becoming increasingly sophisticated.
Tighten Up Your Accounting Controls
We became aware of a recent phishing attack that was extremely sophisticated and successful. It happened to a local manufacturer that routinely paid vendors large sums by online transfer. The manufacturer was about to pay legitimate invoices to a current vendor when the attackers requested a change to the vendor's banking information for payment.
The attackers had compromised the vendor's own email account and were monitoring the exchanges between the manufacturer and the vendor. The invoices were legitimate; the attackers simply waited until they came due, and the money was then sent to the attackers' new bank account. Three invoices totaling $800,000 were paid to the attackers.
The manufacturer's accounting department even asked for verification of the banking change and emailed that they were going to call the vendor. The attacker talked them into accepting the change on the vendor's letterhead instead, which is just as easy to forge. The invoices were eventually paid, in three separate payments, to the attackers.
We're used to unsophisticated attempts that use obviously wrong sender addresses such as firstname.lastname@example.org on an email claiming to be from your bank. As educated users, we are accustomed to hovering over and verifying sender addresses. These attackers, however, use slight variations of legitimate email addresses to trick users. For example:
email@example.com = legitimate
firstname.lastname@example.org = not legitimate
You can see how close the two are, and how hard it is to tell that the second one is not legitimate. The attackers also write in the same tone and phrasing as the real correspondents, which makes the message even harder to challenge. Bottom line: if there is a change in banking information, call your trusted contact at the vendor to verify it, using the phone number you already have on file rather than one taken from the email. Email alone can no longer be trusted for approving changes to payment details.
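The lookalike-address trick is easier to catch mechanically than by eye. The Python below is an added example written for this post, not inSync's tooling and not anything the affected manufacturer ran; the vendor domains, sender addresses and message text are constructed for illustration. It normalises the usual character swaps, measures how far a sender's domain is from each approved vendor domain, and, separately, flags any message that talks about changing bank details so that the phone call recommended above becomes mandatory no matter what the sender address looks like.

```python
"""Triage inbound vendor email for lookalike senders and bank-change requests.

Added illustration for this post, not inSync's or the manufacturer's tooling.
All vendor domains, addresses and message text below are constructed.
"""
import unicodedata

# Constructed allow-list: the exact sending domains of vendors accounting pays.
KNOWN_VENDOR_DOMAINS = {"acme-supply.com", "northfield-metals.com"}

# Phrases that should force an out-of-band phone check regardless of sender.
BANK_CHANGE_TERMS = (
    "new bank", "updated bank", "bank details", "banking information",
    "account number", "routing number", "remit to", "wire instructions",
)

# Single-character swaps that read the same at a glance; multi-character
# ones (rn -> m, vv -> w) are handled with str.replace in normalize().
_HOMOGLYPHS = str.maketrans({"0": "o", "1": "l", "i": "l", "3": "e",
                             "5": "s", "8": "b"})


def normalize(domain: str) -> str:
    """Collapse look-alike characters so 'acrne-supp1y.com' compares equal to
    'acme-supply.com'. Applied to both sides of every comparison."""
    d = unicodedata.normalize("NFKC", domain).lower().strip()
    d = d.replace("rn", "m").replace("vv", "w")
    return d.translate(_HOMOGLYPHS)


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance: one dropped, added or changed character costs 1."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1,
                           prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify_sender(address: str, known=KNOWN_VENDOR_DOMAINS) -> str:
    """Return 'known', 'lookalike' or 'unknown' for a sender address."""
    local, _, domain = address.rpartition("@")
    domain = domain.lower().strip()
    if not local or not domain:
        return "unknown"
    if domain in known:
        return "known"
    nd = normalize(domain)
    for k in known:
        nk = normalize(k)
        if nd == nk or edit_distance(nd, nk) <= 2:
            return "lookalike"          # homoglyph swap or typo-squat
        base = nk.split(".")[0]
        if len(base) >= 5 and base in nd:
            return "lookalike"          # e.g. acme-supply-billing.com
    return "unknown"


def mentions_bank_change(text: str) -> bool:
    """True if the message asks, in any common wording, to change where to pay."""
    t = " ".join(text.lower().split())
    return any(term in t for term in BANK_CHANGE_TERMS)


def triage(sender: str, subject: str, body: str) -> dict:
    """Decide what accounting should do with one message.

    A bank-change request forces a phone call to the number already on file
    even when the sender is 'known': in the incident described above the
    attacker was inside the real vendor's mailbox, so the address was genuine.
    """
    sender_class = classify_sender(sender)
    bank_change = mentions_bank_change(subject + " " + body)
    if bank_change:
        action = "callback_required"
    elif sender_class == "lookalike":
        action = "quarantine"
    elif sender_class == "unknown":
        action = "review"
    else:
        action = "deliver"
    return {"sender": sender_class, "bank_change": bank_change, "action": action}


# Constructed sample traffic, not messages from the incident.
SAMPLE_MESSAGES = [
    ("ap@acme-supply.com", "Invoice 1042", "Attached is invoice 1042, net 30."),
    ("ap@acme-supply.com", "Invoice 1042", "Please note our updated bank details, effective now."),
    ("ap@acme-suppIy.com", "Re: Invoice 1042", "Confirming receipt, thanks."),
    ("ap@acme-supply-billing.com", "Statement", "Please see the attached statement."),
    ("jane@gmail.com", "Hello", "Quick question about the site visit."),
]


def run_samples(messages=SAMPLE_MESSAGES) -> list:
    """Triage each sample and return the action per message, in order."""
    return [triage(s, subj, body)["action"] for s, subj, body in messages]


if __name__ == "__main__":
    for (sender, subject, _), action in zip(SAMPLE_MESSAGES, run_samples()):
        print(f"{action:18} {sender:30} {subject}")
```

Two design points matter here. First, the sender check and the bank-change check are independent on purpose: in the case above the attacker was answering from the vendor's real mailbox, so any filter that trusts a known address would have passed the message, which is why a bank-change request always ends in a phone call rather than a decision based on the address. Second, the phone number for that call has to come from the vendor record already on file; a number in the email signature belongs to whoever wrote the email.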
inSync offers classes that teach our clients' users to spot phishing attacks. Whether you use O365, on-premises Exchange or Gmail, all are subject to phishing attacks. Educate your users to fight back!