Beware of email spoofing and wire fraud.
Do you know what’s in your email inbox? Some dangerous messages could be lurking from fraudsters attempting to convince you to wire money to them, all while acting as legitimate companies. This practice, known as email spoofing, leads to financial damage for targeted companies and increased stress for everyone involved. Knowing the signs of email spoofing can help safeguard your corporate accounts.
How Email Spoofing Works
- Look for this characteristic pattern:
- Emails are sent to legitimate recipients at a targeted company.
- The email sender impersonates, or spoofs, a legitimate contact from a reputable outside company or from inside the recipient’s own company.
- The spoofed sender info uses look-alike domain names that closely resemble the corporate domain names of the organization being impersonated.
- The body of the email instructs the recipient to send money via wire transfer to a new bank account.
- Wire transfer instructions are attached to the email including bank name, account number, etc.
- An email spoofing attack leverages the likelihood that the Accounts Payable department at the targeted company will have actual invoices from the spoofed company. Attachments usually include only wire transfer information in the form of a text object that many email filters can inspect.
- The body of the email often includes a fake “original message” to set the pretext that the targeted recipient has had a previous conversation with the impersonated sender regarding a wire transfer. In the faked included message, the impersonated sender’s actual domain name is used by the fraudster, and a look-alike domain name is in the headers of the actual message. The faked message is also back dated, as if the supposed email conversation occurred several days prior.
- Fraudsters typically use the actual names of executives. The domain names, however, are look-alike domain names which are very similar to those of the spoofed organizations. For example, the fraudsters might attempt to register and send email from the domain name “examp1e.com” when spoofing the sender from a company using the actual domain “example.com.”
Who is Targeted?
- Spoof emails are sent to corporate executives, corporate finance personnel or others likely to have roles in authorizing or executing accounts payable operations.
- Analysis suggests that the link between targeted organizations and the spoofed senders may have been gleaned from data available on professional networking websites.
Recommended Actions
- We recommend organizations take the following steps to reduce the risk of falling victim to these attacks:
- Implement filtering for messages that match known patterns detailed above.
- Educate anyone who has the ability to send a wire so that they are familiar with this scam.
- Require validation of all wires using a two-factor authentication step, such as connecting to the requester via phone.
- Share information and samples with security and fraud contacts.