Hooded Hacker Stealing Passwords

Security Alert: Finance Departments Need To Be Super Vigilant

A recent ZDNet Security post describes a dastardly attack vector allowing scammers to produce exact replicas of expected invoices that, if paid, will funnel sizeable cash balances into criminal bank accounts.

Here’s how they do it:

  • Using phishing attacks against vendor companies, hackers acquire the email login credentials of billing department personnel.
  • After acquiring the credentials, the scammer sets up a redirect, forwarding copies of all emails to a criminally-controlled mailbox.
  • The hacker then monitors the email traffic; getting to know the exact nature of specific company/vendor relationships, the timing of invoices, average amounts, the layout of notification emails, copying invoice templates, etc.
  • Once they know enough, the scammer then creates exact replicas of an invoice, mimics the format of vendor emails and sends it to a company that would be expecting such a bill.
  • The only difference in the invoices is the bank account information. Targeted Finance Department personnel makes the change to the new bank and sends payment.
  • Only when the victim receives an inquiry from the legitimate vendor is the scam uncovered.

What to do:

  1. Make sure everyone in your Finance Department is aware of this type of scam.
  2. Place a secondary check on all significant outgoing payments.
  3. Verify, directly with your vendor, any changes in payment processing.
  4. DO NOT call the vendor from the telephone number on the invoice when a change is detected, always use the official number in your records or from their official website.
  5. Periodically review email rules and look for emails being forwarded to unknown addresses.
  6. Where available, use multifactor authentication on email accounts to prevent someone from accessing them from the outside.

XSolutions is an Elite Partner of Datto, the world leader in Hybrid-Cloud Business Continuity solutions whose systems protect 460+ Petabytes of data with over 1400+ employees and 9 offices around the globe. Call (845) 362-9675 and let us introduce you to the ultimate defense against data loss—whatever the cause. Backup & Disaster Recovery | Business Continuity | Data Risk Assessment