IT, Cybersecurity and Compliance Solutions in Washington and Oregon

The Basic Framework of COVID-19 Themed Wire Fraud

Written by Byron Martin | May 7, 2020

According to a report from Microsoft, COVID-19-themed cyber attacks spiked to nearly a million a day during the first week of March 2020. 

Business Email Compromise (BEC) and Wire Fraud

Nowadays it is very easy to find the names and titles of personnel within a company via social media. Business Email Compromise (BEC) targets employees with access to company funds through compromised accounts belonging to CEOs and senior management. Typically, hackers target businesses that process a lot of wire transfers. Their goal is either to use social engineering to get money sent to the attacker, or to use malware to gain access to computers used by financial decision-makers and then wire themselves money.

With the global pandemic, hackers are adapting their phishing campaigns to use COVID-19-themed emails and even text messages. Typical messages read “due to the Coronavirus outbreak and precautions, please redirect all invoices to the following bank account...” or reference the federal government stimulus payments in order to get the user to click a malicious link that infects their machine with malware.

 

Here’s how the wire fraud scam works:

  • Target the CEO, CFO or other financial decision-maker with malware intended to take over their computer.
  • Watch the email conversations, closely monitoring for opportunities to redirect wire transfers.
  • Redirect incoming emails related to pending wire transfers to the scammer’s mailbox folder.
  • Create a lookalike domain impersonating the corporation.
  • Fake Company A now sends emails, using spoofed versions of real email addresses and names, to those involved with the wire transfer at real Company B. This hijacks the email thread with both parties/corporations by using the new domain as the from address. All replies now no longer involve the real Company A.
  • Continue to reroute all inbound emails from Company A, removing any legitimate communications from Company B.
  • Provide new banking details to Company B for an existing, pending, wire transfer.

Essentially, the scammers target a specific company, create spoofed domains and emails, and spend a ton of time gathering intel and sorting through innumerable emails between the compromised mailbox and third parties, including their bank. They identify contacts at the bank and either intercept existing wire transfers or start new ones.
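The lookalike-domain step is the point where a receiving mail pipeline can notice the thread hijack. The following check is an added example, not part of the original article: it flags a sender whose domain imitates a trusted correspondent. The trusted list, the reserved `.example` domains, the substitution table and the distance threshold are all assumptions.

```python
import re

# Assumption: domains your finance team already exchanges wire details with.
TRUSTED = {"northwind.example", "fabrikam.example"}
# Common visual substitutions seen in lookalike domains (not exhaustive).
CONFUSABLES = [("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l"), ("i", "l")]

def skeleton(domain):
    """Collapse visually similar characters so 'northw1nd' matches 'northwind'."""
    d = domain.lower().rstrip(".")
    for src, dst in CONFUSABLES:
        d = d.replace(src, dst)
    return d

def edit_distance(a, b):
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def imitated_domain(domain, trusted=TRUSTED, max_dist=2):
    """Return the trusted domain this one imitates, or None if exact or unrelated."""
    domain = domain.lower().rstrip(".")
    if domain in trusted:
        return None
    for t in sorted(trusted):
        if skeleton(domain) == skeleton(t) or edit_distance(domain, t) <= max_dist:
            return t
    return None

def flag_thread(messages, trusted=TRUSTED):
    """Return (index, sender_domain, imitated_domain) for each suspicious message."""
    findings = []
    for idx, msg in enumerate(messages):
        m = re.search(r"@([A-Za-z0-9.-]+)", msg["from"])
        hit = imitated_domain(m.group(1), trusted) if m else None
        if hit:
            findings.append((idx, m.group(1).lower(), hit))
    return findings

# Constructed sample thread (not real traffic): the third reply switches domain.
THREAD = [
    {"from": "Dana <dana@northwind.example>", "subject": "Invoice 1042"},
    {"from": "Lee <lee@fabrikam.example>", "subject": "RE: Invoice 1042"},
    {"from": "Dana <dana@northwlnd.example>", "subject": "RE: Invoice 1042 new bank details"},
]
```

A hit on a thread that also carries changed banking details is a strong reason to confirm the change by phone, using a number already on file.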

 

 

Teknologize has clients throughout the Pacific Northwest with offices located in the Tri-Cities, Washington 509.396.6640 and Bend, Oregon 541.848.6072.