
BEC Scammers’ New Trick

Business Email Compromise (BEC) scammers have been observed targeting a company's customers through an indirect attack designed to collect customer data for a later attack, according to the Agari Cyber Intelligence Division. Attackers impersonate CEOs and other managers in an attempt to trick the company's finance department into sending them aging reports (also known as a schedule of accounts receivable: a list of outstanding invoices that a company uses to track unpaid debts). While posing as executives, the attackers ask finance employees for the aging reports. Once successful, they request debt and payment information for the customers listed in the report. With this information, scammers can craft legitimate-looking emails and target those customers with invoices and payment "deals." If a customer attempts to pay the outstanding balance, they are directed to an attacker-controlled payment portal. Shifting targets to customers makes these attacks far more dangerous, because companies cannot train their customers in cybersecurity practices. BEC attacks have seen an unprecedented increase of approximately 476% between 2017 and 2018.

Analyst Notes

Companies should educate their employees to recognize valid versus fraudulent email addresses and, when asked for customer information, to verify that the request is legitimate before responding.
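The "valid versus fraudulent email address" check described in the note can also be automated at the mail gateway or in a SOC triage script. The following Python is an added example, not code from the original post or from Agari: it assumes a constructed corporate domain (`example.com`), a constructed executive roster, and constructed sample messages, and it flags a message only when an executive-impersonation indicator (display name matches an executive but the address does not, a Reply-To pointing at a different domain, or a lookalike sender domain) coincides with a request for aging-report or accounts-receivable data.

```python
"""Flag executive-impersonation emails that request aging reports.

Added example (not part of the original post). The corporate domain,
executive roster and sample messages below are constructed.
"""
import email
from difflib import SequenceMatcher
from email import policy
from email.utils import parseaddr

CORPORATE_DOMAIN = "example.com"                        # assumed corporate domain
EXECUTIVES = {"jane doe": "jane.doe@example.com"}       # assumed roster: display name -> address
REQUEST_TERMS = ("aging report", "accounts receivable", "outstanding invoice")


def domain_of(address: str) -> str:
    """Return the lower-cased domain part of an address, or '' if none."""
    return address.rsplit("@", 1)[-1].lower() if "@" in address else ""


def is_lookalike(domain: str) -> bool:
    """True when the domain is close to, but not equal to, the corporate domain."""
    if not domain or domain == CORPORATE_DOMAIN:
        return False
    return SequenceMatcher(None, domain, CORPORATE_DOMAIN).ratio() >= 0.8


def analyze(raw_message: str) -> dict:
    """Parse an RFC 5322 message and score it for BEC aging-report fraud."""
    msg = email.message_from_string(raw_message, policy=policy.default)
    from_name, from_addr = parseaddr(str(msg.get("From", "")))
    _, reply_addr = parseaddr(str(msg.get("Reply-To", "")))
    body = msg.get_body(preferencelist=("plain",))
    text = (str(msg.get("Subject", "")) + "\n" + (body.get_content() if body else "")).lower()

    impersonation = []
    roster_addr = EXECUTIVES.get(from_name.strip().lower())
    if roster_addr and from_addr.lower() != roster_addr:
        impersonation.append("display name matches an executive but address does not")
    if reply_addr and domain_of(reply_addr) != domain_of(from_addr):
        impersonation.append("Reply-To domain differs from From domain")
    if is_lookalike(domain_of(from_addr)):
        impersonation.append("sender domain is a lookalike of the corporate domain")

    requests_data = any(term in text for term in REQUEST_TERMS)
    return {
        "impersonation": impersonation,
        "requests_financial_data": requests_data,
        # Only a request for the data combined with an impersonation signal is flagged.
        "suspicious": requests_data and bool(impersonation),
    }


# Constructed sample messages (not real BEC samples).
SUSPICIOUS_MSG = """From: Jane Doe <jane.doe@examp1e.com>
Reply-To: ceo.jane@webmail-example.net
To: ap@example.com
Subject: Quick favor

Can you send me the current aging report today? I'm stuck in meetings.
"""

LEGITIMATE_MSG = """From: Jane Doe <jane.doe@example.com>
To: ap@example.com
Subject: Aging report

Please share the aging report before Friday's board meeting.
"""

if __name__ == "__main__":
    for label, raw in (("suspicious", SUSPICIOUS_MSG), ("legitimate", LEGITIMATE_MSG)):
        print(label, analyze(raw))
```

A hit from this script is a prompt for the process the note describes: the employee confirms the request with the executive through a channel other than the email thread before any customer data leaves the company. The lookalike threshold and the request terms are tuning knobs; a deployment would load the executive roster from the directory rather than a hard-coded dictionary.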