Email payment scam continues as real employees receive fake requests from their CEOs
Capstone Information Technologies, a computer IT services firm in Rochester, NY, has seen a recent rise in an email scam affecting small businesses in the area. Scam emails requesting wire transfers or email payments are not new. However, the evolution of one particular spam campaign that has been around since the fall of 2014 is serious enough for us at Capstone IT to spread additional awareness of this particular scam.
PLEASE NOTE: If you have received this type of email, please know that your email has NOT been hacked. It’s just that the email address is being spoofed.
The scammers' technique has progressed into making their email appear as if it was sent by the CEO of a company to fellow employees of that company. Staff in the finance department are often, but not exclusively, targeted. The request within the email asks the recipient to process a payment for non-existent goods or services by way of a wire or credit transfer (see Figure 1). Their hope is that the employee will assume it is a legitimate message since it “came” from the CEO, and will go ahead with making the transfer or payment. These imposter emails are usually accompanied by PDF documents containing wire transfer instructions (see Figure 2).
How do scammers pull off these innocent-looking payment requests that have managed to reach companies of all sizes, many right here in Rochester, NY? Their process involves quickly creating and using false email domains that are very similar to the real ones a CEO would use to send an internal email. Can you immediately spot the difference between an email sent to you at [email protected] from [email protected]? The extra letter, as just one example, is what these cyber crooks are hoping employees won’t notice before following directions from an imposter higher-up.
The goal is to extract payment from the business before the domain is discovered and reported as fraudulent. Here is an example of a scam email sent to a mid-sized, Rochester NY business:
Figure 1. Email with a request from the CEO to a CFO of a Rochester business
The business, protected by Capstone Information Technologies as its managed IT service provider, was fortunate to discover the scam before almost $40,000 in funds was lost. Proper monitoring with spam filters and consistent anti-virus updates can eliminate big risks for companies whose email could bring in potential threats.
Figure 2. PDF document with wire transfer information
Variations of this scam include emails with no attachments and just one line of text. This version of the scam requires the email recipient to reply to the message; the scammer then forwards instructions for payment.
Here are a few tips to keep in mind and pass on to your employees:
- Ask: is it normal for your CEO to dictate that you should handle payment for the given circumstance? Is the request following standard company procedure? Is the request lacking in details that would ordinarily be provided in a payment situation?
- Check the sender’s email for accuracy and compare the address domain to another message received from that sender. Double check by hitting “reply” to see if the return address is off from the email address you know is correct. Triple check by simply asking the person who has supposedly sent the email if the request is valid.
- If you have any suspicions about an email requesting a wire transfer, notify your IT support team before you process any payments or before you open any links or attachments. Layers of security are a company’s best line of defense from hackers who try new tricks daily to get employees to give up information and money.
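The sender-domain and reply-address checks from the tips above can also be run automatically on incoming mail. The following is an added example, not code from Capstone IT; the acme.example domain, the sample messages and the function names are constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

def edit_distance(a, b):
    """Levenshtein distance: number of single-character edits from a to b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def domain_of(header_value):
    """Lower-cased domain of the address in a From/Reply-To header, or ''."""
    addr = parseaddr(header_value or "")[1]
    return addr.rpartition("@")[2].lower() if "@" in addr else ""

def check_message(raw, trusted_domains, max_distance=2):
    """Return a list of warnings for one raw message (headers are enough)."""
    msg = message_from_string(raw)
    sender, reply_to = domain_of(msg["From"]), domain_of(msg["Reply-To"])
    findings = []
    # A domain that is close to, but not equal to, a trusted one (e.g. one extra letter).
    if sender and sender not in trusted_domains:
        for good in sorted(trusted_domains):
            if edit_distance(sender, good) <= max_distance:
                findings.append(f"lookalike sender domain: {sender} vs {good}")
    # A spoofed From with replies routed elsewhere: what "hitting reply" would reveal.
    if reply_to and reply_to != sender:
        findings.append(f"Reply-To domain {reply_to} differs from From domain {sender}")
    return findings

# Constructed sample messages; acme.example stands in for the company's real domain.
TRUSTED = {"acme.example"}
LOOKALIKE = ("From: Pat Doe <pat.doe@acmee.example>\n"
             "To: cfo@acme.example\nSubject: Wire transfer today\n\nPlease process.\n")
SPOOFED = ("From: Pat Doe <pat.doe@acme.example>\n"
           "Reply-To: pat.doe@mail-acme.example\n"
           "To: cfo@acme.example\nSubject: Are you at your desk?\n\nReply asap.\n")
GENUINE = ("From: Pat Doe <pat.doe@acme.example>\n"
           "To: cfo@acme.example\nSubject: Q3 numbers\n\nSee attached.\n")

if __name__ == "__main__":
    for name, raw in [("lookalike", LOOKALIKE), ("spoofed", SPOOFED), ("genuine", GENUINE)]:
        print(name, check_message(raw, TRUSTED))
```

A Reply-To that differs from From also occurs in legitimate mail such as mailing lists and ticketing systems, so treat that finding as a prompt to verify with the sender rather than as proof of fraud.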
Capstone IT is a computer support company that protects thousands of employees and their devices daily from intrusive emails that could lead to cyber-crime. Our clients include hundreds of small and mid-size businesses in Rochester, Buffalo and the surrounding Western NY area. Want more knowledge? Download our Free eBooks and get answers to the most common security and other technology questions.