Ancient Tortoise: Ancient Tortoise, a Business Email Compromise (BEC) cybercrime group, began using Coronavirus themed emails to trick users into transferring funds. Researchers at Agari exchanged email messages with the threat actors as part of an ongoing BEC scam investigation. Ancient Tortoise spoofed executive email addresses within the targeted company to request aging reports, also called schedule of accounts receivable, then requested payments for the outstanding invoices to trick the victim into initiating a wire transfer to the attacker’s account. In the most recent campaign, emails stated that because of the Coronavirus, they are changing banks and included a new account for money to be transferred to. Agari researchers received instructions to wire payments to an account in Hong Kong, which is likely controlled by a money mule. BEC scams were responsible for over $1.8 billion in stolen revenue in 2019.
Analyst Notes
News as major as the Coronavirus draws the attention of a lot of people. Because there are a lot of changes happening across corporate networks, attackers hope to take advantage of the changes in procedures to help make their scam more believable. It is important for employees to keep in mind that when making major changes, they should inform employees that scams like these become more common. As news of the Coronavirus continues to dominate headlines, it is likely that there will continue to be scams and attacks taking advantage of it. More information can be found here: https://www.bleepingcomputer.com/news/security/ancient-tortoise-bec-scammers-launch-coronavirus-themed-attack/
