We have become aware of increased occurrences of a cybersecurity scam that criminals are using to steal money from corporations. The scam works like this:
The cybercriminals break into one of your vendors' email systems. For a period of time they surveil email traffic between the vendor and its customers and identify customers that owe large sums of money to the vendor. They then purchase an email domain that closely resembles the vendor's domain. For example, if the vendor's domain is @acmeproducts.com, they might purchase @acmepoducts.com. From that domain they email your accounts payable department with very convincing messages containing details about invoices and amounts owed, and offer very attractive discounts if you pay today. The criminals then supply a payment method that differs from your normal process with the vendor. Once you submit payment, they send a fake confirmation that the invoice has been paid. You will probably be unaware of the scam until the next time the real vendor contacts you about payment, which may take weeks or months.
It’s important to note in this scenario that your systems were never compromised. It was your vendor’s email that was compromised, not yours.
There are several keys to avoiding this scam:
- Make sure everyone in your company who deals with money is aware of this scam.
- Carefully check email domains any time you are dealing with money.
- If a vendor asks you to send payment in a way other than how you have normally paid them, call the vendor directly at a number you already have on file and confirm the change in payment terms. Don't accept an incoming call from the vendor as proof; that could be the cybercriminals trying to fool you.
- Any time a vendor offers you a non-standard discount for paying an invoice, call the vendor and confirm the discount.
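The domain check above can be partly automated. The following is an added example (not code from the original notice) that flags sender domains which are a few character edits away from an approved vendor domain, the pattern in the @acmepoducts.com example; the vendor list and sample addresses are constructed for illustration.

```python
# Added example (not part of the original notice): flag sender domains that are
# near-misses of a known vendor domain, e.g. acmepoducts.com vs acmeproducts.com.
# The vendor list and sample senders below are constructed for illustration.

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance: minimum single-character edits turning a into b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def sender_domain(address: str) -> str:
    """Return the lower-cased domain part of an email address."""
    return address.rsplit("@", 1)[-1].strip().lower()


def check_sender(address: str, known_domains, max_distance: int = 2) -> str:
    """Classify a sender as 'known', 'lookalike' or 'unknown'.

    'lookalike' means the domain is not on the approved list but is within
    max_distance edits of one that is, which is the pattern described above.
    """
    domain = sender_domain(address)
    known = {d.lower() for d in known_domains}
    if domain in known:
        return "known"
    for vendor in known:
        if edit_distance(domain, vendor) <= max_distance:
            return "lookalike"
    return "unknown"


# Constructed sample data: approved vendor domains as kept in the AP vendor master.
KNOWN_VENDOR_DOMAINS = ["acmeproducts.com", "globex.example"]

if __name__ == "__main__":
    for addr in ["billing@acmeproducts.com",
                 "billing@acmepoducts.com",      # missing 'r'
                 "ar@acrneproducts.com",         # 'rn' in place of 'm'
                 "invoices@unrelated.example"]:
        print(f"{addr:30s} -> {check_sender(addr, KNOWN_VENDOR_DOMAINS)}")
```

A "lookalike" result should route the message to a human for the phone verification described in the list, not be treated as proof of fraud on its own.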
This is a VERY serious threat. Individual companies have lost millions of dollars to this scam. If you have recently paid an invoice which involved a special discount be sure to check with your vendor immediately to confirm that it was legitimate.
Please contact us if you have any questions.