Business Email Compromise, or BEC attacks have been observed targeting top executives in companies large and small. The fraudsters who specialize in this fraud have a new trick up their sleeves.
In a recent case, a firm hired a new CFO in January. Within weeks of his arrival, he received spoofed emails from the organization’s CEO, asking human resources and the accounting department for employee W-2 information.
Fraudsters go for W-2 information because it contains virtually all of the data they would need to fraudulently file someone’s taxes and request a large refund in their name.
These scams are quite sophisticated and have been very successful. What’s different about them is that the thieves are not taking the money directly, they are persuading employees in trusted positions unknowingly to send it to them.
They often attempt to find out when the executive might be travelling and often compromise other employees’ inboxes beforehand via a phishing attack to gain access and scan the content for keywords that show whether the company regularly wires transfers. Once access has been gained, they will tailor the emails with wording to make it appear as though the executive is in urgent need and not in the office by adding “sent from my mobile device” as the signature.