Attempted Payments Fraud Via Email Compromise: What Does It Look Like? 

Sponsored content submitted by PNC

Payments fraud attempts are widespread across all industry types as a result of email compromises and financial malware infections. Understanding how these fraud schemes are designed to infiltrate and compromise your business and taking action to prevent them are critical to your defensive strategy. It is imperative that employees with access to funds movement services are aware of these fraud schemes and can recognize potentially fraudulent or malicious activity against their email or login credentials. These are very real threats, and we encourage you to educate staff throughout your organization. 

Cybercriminals initiate fraudulent payment requests, or requests to change payment instructions, from email accounts that appear to be from a company executive (such as the CEO or CFO) or from a known external partner, such as a supplier. The fraudulent “From” email address may be a fictitious account in the executive’s name, or it may be a slight variation of a legitimate supplier email address — both of which can trick the recipient into believing that the communication is valid. It is also possible that the sender’s legitimate email account has been compromised, making it essential that employees are able to recognize the characteristics of a fraudulent payment request. 

Also be mindful that even when no email account is compromised, a great deal of information is available in open-source records (social media, public records) that cybercriminals can easily obtain and use in developing such schemes. For example, large construction contracts, such as those for universities or hospitals, are disclosed in public filings. Cybercriminals can access these records, register a website impersonating the legitimate contractor, and initiate communication with the university or hospital introducing a “new” accounts receivable contact and account number set up specifically for this contract.

Oftentimes, the cybercriminals will wait several months before initiating contact and use open-source records to identify accounts payable personnel. In such schemes, the cybercriminals don’t need to know the amount of the upcoming payment or even the projected date for the payment. Instructions sent typically state something like: “All payments going forward should be made to the new account number and to the attention of the new accounts receivable contact.” As construction contracts are typically paid in net 30-, 60- or 90-day increments, often the victims are unaware of the fraud until weeks or months have passed, making recovery of funds extremely difficult.  

Another email impersonation scam targets employee direct deposits. Hacked or spoofed employee email accounts are used to request changes to the employee’s direct deposit information. As with all email requests relating to payments, you should confirm them with the requestor at a known telephone number.
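The warning signs described above (an executive's name on an outside address, a sender domain that is a slight variation of a known supplier's, and a request to change payment or direct deposit details) can be screened for automatically. The following is an added example, not code from PNC or the original article; the domains, the executive name, the phrase list and the edit-distance threshold of 2 are assumptions chosen for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumed for this example: your own domain, executive names, and vetted supplier domains.
COMPANY_DOMAIN = "example.com"
EXECUTIVES = {"jane doe"}
TRUSTED_DOMAINS = {COMPANY_DOMAIN, "acme-builders.example"}
# Phrases tied to the requests the article describes (new account, direct deposit changes).
PAYMENT_CHANGE = re.compile(
    r"new account|payments? going forward|payment instructions|direct deposit", re.I)

def edit_distance(a, b):
    """Levenshtein distance, used to spot slight variations of a trusted domain."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def triage(raw):
    """Return review flags for one plain-text, single-part message."""
    msg = message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    flags = []
    if name.strip().lower() in EXECUTIVES and domain != COMPANY_DOMAIN:
        flags.append("executive-name-external-address")
    if domain not in TRUSTED_DOMAINS:
        flags += [f"lookalike-of:{d}" for d in sorted(TRUSTED_DOMAINS)
                  if edit_distance(domain, d) <= 2]
    # Checked even for trusted senders: a legitimate account may itself be compromised.
    body = "" if msg.is_multipart() else msg.get_payload()
    if PAYMENT_CHANGE.search(body):
        flags.append("payment-instruction-change")
    return flags

# Constructed sample messages (not real traffic).
SAMPLES = {
    "exec": 'From: "Jane Doe" <jane.doe@mailbox.example>\n\nChange the payment instructions for this vendor today.',
    "lookalike": "From: AR Team <ar@acrne-builders.example>\n\nAll payments going forward should be made to the new account number.",
    "legit_change": "From: AR <ar@acme-builders.example>\n\nPlease use our new account number for the next invoice.",
    "benign": "From: AR <ar@acme-builders.example>\n\nInvoice 1001 attached, terms net 30.",
}

if __name__ == "__main__":
    for label, raw in SAMPLES.items():
        print(label, triage(raw))
```

Any flag, including a payment-change request from a trusted supplier domain, is a cue to confirm the request with the requestor at a known telephone number before acting on it.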

This article was reprinted with the permission of PNC.