There has been a rise in fraudulent emails containing suspicious wire transfers targeting finance department employees. Whilst this isn’t a new method for scammers, it is important to bring it to the attention of your teams, especially those with authority to make any online payments.
The purpose for the email is simple – to get the recipient to process a payment for non-existent goods or services by way or wire or credit transfer. The scammers send an email pretending to be from the CEO or senior executive to a targeted recipient such as an employee working in the finance department, who will have the ability to action payment requests. Another method used by these scammers involve registering domains similar to the target domain. For example if a scammer was targeting abccompany.com.au, they might register the domain abcc0mpany.com.au. Some might even receive an email from CEO@abcc0mpany.com.au. The reason for this is that when a recipient replies to the email, the scammer hopes that they might not notice the slight variation in the domain, thus establishing trust with the recipient.
A analysis conducted by Symantec, noticed that the scammers are sending the emails out on the dame day that they are registering domains. Likely in the hope that they can extract payment before the domain is reported and suspended.
Here’s a few examples of fraudulent emails so you can see what to look out for:
Figure 1. Fake payment request supposedly from a senior executive. Note, that some of these emails will contain a PDF document with instructions.
Figure 2. Example of a PDF containing instructions.
Figure 3. Fake payment request
Figure 4. Email header with a fake ‘from’ address and webmail ‘Reply-To’ address.
If you suspect that you have received scam email, check the email address headers to see where the email has originated from. If you receive an email with a thread that you’ve supposedly sent before, check with the person who has supposedly send the email. Reply to the send but obtain their email address using your company’s address book in your email client.
To ensure that you business does not fall victim to the scam, always investigate further before proceeding with the request.