A new email scam is targetting businesses indirectly by tricking finance personnel into handing over aged debtors reports. Here’s how the scam works.
- The scammer contacts the finance deparment of organisation ‘A’ from a spoofed email address pretending to be a manager or director within the same company, requesting a list of aged debtors.
- The finance department hands over the list of aged debtors to the scammer.
- With this information, the scammer creates a credible-looking demands for payment with information from the report, and assumes the identity of an employee on the finance team.
- The scammer contacts all the debtors from a spoofed email address from company ‘A’, requesting immediate payment with real information from the aged debtors list, but fake bank account details.
- To make sure that the targets fall for the scam, the attackers often offer a substantial discount.
The fact that scammers have now switched their targets from companies to their customers makes their attacks a lot more dangerous, and this new type of scam leads to established payment communication channels being contaminated, with employees and customers no longer trusting them.
To prevent this from happening to your organisation, your existing cyber security training needs to be updated to make staff more aware of this type of indirect attack. We can help with this by offering cyber security training to your staff. And the good new is that if you have a support contract with us, we offer this service for free. Call us on 01293 446677 for more information, or fill in the enquiry form at the bottom of this page for a quick response.