Security Alert: Wire Transfer Scam

We are issuing this security notice to alert our customers to a fraudulent wire transfer technique that some of our customers have encountered this week. The technique is called spear phishing and relies upon email messages posing as urgent communications from senior officers to lower-level employees. The messages demand that employees wire funds to destination accounts provided in the message.

These emails can be very convincing and are typically sent to corporate executives, corporate finance personnel, or others likely to have roles in authorizing or executing accounts payable operations. We highly recommend making your employees aware of this threat and cautioning them against falling victim to these attacks. Typical signs to look for beyond the obvious tone of the funds transfer demands are:

Suspicious emails sent to executives or received from executives

Check the sender’s email address closely for spoofed or impersonated domains

The body of the email instructs the target to pay all new or outstanding invoices via wire transfer to a new bank account

The body of the message often includes a fake, back-dated “original message” in an attempt to set the context of the transfer request

Attached to the email is a PDF document containing wire transfer instructions, including bank name, account number, etc.

Wire transfer destinations typically include banks in the US, UK, China and Taiwan

The technical details of how scammers accomplish this are as follows:

  1. Scammers register “typo squatting” domains that for all intents and purposes look like the target company’s domain, but are subtly different. For example, a scammer targeting the legitimate domain www.mybusiness.com would register www.mybusiiness.com.
  2. Scammers then create email accounts at the fake domain that mirror legitimate executive email accounts. For example, Joe.CEO@mybusiness.com would be created as Joe.CEO@mybusiiness.com, and the common name that appears on the email account would be identical to the original account, such as Joe CEO.
  3. The attack often relies upon knowledge of key players within the company, which is used to create emails that are highly convincing to the recipients. Scammers rely upon the fact that when the CEO asks you to do something, you do it!
  4. Brief, urgent emails that appear to come from executives are sent to lower-level employees, demanding the transfer of funds and updates on the progress of the transfer, which makes the request appear more authentic.

Please let us know if you have any questions or need our assistance.
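
For mail administrators, steps 1 and 2 above can be checked for on inbound mail. The following is an added example, not part of the original notice: it compares each sender's domain against your own and flags near-miss spellings, plus executive display names arriving from unrelated domains. The domain, executive name, threshold and sample headers are assumptions taken from or constructed around the notice's own illustration.

```python
from email.utils import parseaddr

# Assumptions for this example (replace with your own values).
LEGIT_DOMAIN = "mybusiness.com"   # the notice's illustrative domain
EXECUTIVES = {"joe ceo"}          # display names an attacker would copy
MAX_DISTANCE = 2                  # edits that still count as a lookalike

def edit_distance(a, b):
    """Levenshtein distance: inserts, deletes and substitutions."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # delete from a
                           cur[j - 1] + 1,             # insert into a
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]

def classify_sender(from_header):
    """Classify a From: header by how its domain relates to LEGIT_DOMAIN."""
    display, addr = parseaddr(from_header)
    domain = addr.rpartition("@")[2].lower()
    if domain == LEGIT_DOMAIN:
        # Exact match only rules out a lookalike; header spoofing must
        # still be caught separately by SPF/DKIM/DMARC checks.
        return "own-domain"
    if 0 < edit_distance(domain, LEGIT_DOMAIN) <= MAX_DISTANCE:
        return "lookalike-domain"
    if display.strip().lower() in EXECUTIVES:
        return "exec-name-external"
    return "external"

# Constructed sample headers, not taken from real messages.
SAMPLES = [
    "Joe CEO <Joe.CEO@mybusiness.com>",
    "Joe CEO <Joe.CEO@mybusiiness.com>",
    "Joe CEO <joe.ceo@freemail.example>",
    "Vendor Billing <ap@supplier.example>",
]

def scan(headers):
    """Return a mapping of each header to its classification."""
    return {h: classify_sender(h) for h in headers}

if __name__ == "__main__":
    for header, verdict in scan(SAMPLES).items():
        print(f"{verdict:20} {header}")
```

Messages classified as lookalike-domain or exec-name-external are candidates for quarantine or an external-sender warning banner before they reach accounts payable staff.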