Cybercriminals are developing smarter tactics for scamming businesses: in business email compromise (BEC) schemes, they now gain the trust of the employees they target well before duping them into transferring payments.
BEC – or CEO fraud – is carried out by hackers who’ve become so familiar with a business that they know its management roles – information they’ve usually obtained through a successful phishing scheme, or even just from the public domain.
Using this inside information, they generate a fake email which looks like it has been sent by senior management, requesting that a financial transfer be made. The money isn’t transferred within the organisation, however, but into the wallets of online criminals. The scheme has become so successful that the FBI has warned that $3.1 billion has been lost to CEO scams.
Rather than just sending a message requesting a financial transfer out of the blue as in other phishing schemes, these fraudsters attempt to gain the trust of their victims before asking for the fraudulent payment to be made.
Researchers at Symantec have noted that these scammers are now using informal and familiar language in emails to gain the trust of their victim, and don’t reveal that they want a payment until they believe that the victim will comply with the request.
For example, the scammers will ask the victim if they’re at their desk or if they’re in the office that day, before moving on to the subject of a transfer and how to do it. In this case, they claim to be a member of senior management who wants a payment to be made to a private account, with the promise of an invoice at a later time.
Read more about it on ZDNet here: http://zd.net/2f9nWgH