Scammers are reportedly claiming to be corporate CEOs in email scams designed to steal up to hundreds of thousands of dollars from targeted companies.
Sterling IT has had one of its clients be hit with this twice and we believe they phished the email addresses from their website.
The staff also had their titles with their email addresses making it very easy.
Stay Smart Online has received a report that scammers misrepresenting themselves as corporate CEOs are sending fake emails to the CFOs of targeted companies. These emails request that up to hundreds of thousands of dollars be transferred urgently from targeted businesses to apparently legitimate bank accounts held by third-party individuals. However, these bank accounts may have been established using the details of people who have been victims of identity theft.
The relatively sophisticated scam appears to be identical to, or a recurrence of, the ‘Business Email Compromise’ or ‘Wire Fraud’ scam that Stay Smart Online provided an Alert about in October 2014. Details of the 2014 scam were provided by CERT Australia. The FBI has published similar reports regarding the ‘Business Email Compromise’ scam.
Businesses are advised to be suspicious of unexpected, urgent demands for large sums of money by any person – including CEOs and other senior leaders. You should always verify these requests directly with the person involved, and follow all governance and due diligence processes.
CERT Australia provides the following advice:
- Consider adding a second method of verification for large financial transfers, such as verbal verification between employees.
- Alert employees to be vigilant with regard to these incidents, especially those conducting or authorising wire transfers or similar financial instruments.
- Do not reply to the email.
- Sender Policy Framework (SPF) checking should be implemented to detect and prevent sender address forgery.
- Review network logs for evidence of the indicators provided in this Alert.
- Configure mail servers and mail scanners to block and remove emails with the indicators provided in this Alert.
- Report identified activity to CERT Australia.
If a company has been defrauded as a consequence of these emails, report the matter to local police for investigation and escalation as appropriate.