Attacks begin with a phishing email invoice and a PDF attachment sent to unsuspecting victims, in the hope that the invoice will be paid without the recipient noticing that it is part of a scam. The attachment sometimes contains a unique ID and a phone number, with the suggestion that the victim should call if there is a problem, and the wording of the emails and attachments changes frequently to help bypass detection.
If the victim calls the number, they are connected to a call center run by the people behind the extortion scam, and the operator identifies which company has been targeted by asking for the ID number. Then, under the false guise of helping the victim cancel the phony payment, the operator guides the victim through the steps needed to download and run remote access software. With this access, the attacker downloads and installs a remote administration tool, which allows them to maintain access to the machine and quietly search for sensitive files and servers, and steal what they find.
The best advice for sidestepping these phishing scams is to slow down and make sure every invoice corresponds to a known charge for a product or service. If you have any reason to doubt the authenticity of an invoice, contact the billing organization through a contact method you already know to be reliable. Never engage with the sender using any contact information or instructions contained in these invoices or emails. Learning how to spot invoice fraud helps safeguard against these attacks, but implementing email security policies and software provides the necessary protection against a broader range of business email compromise attacks.
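As an added example (not code from the original post or any vendor product), here is a heuristic screen of the kind an email security filter might apply to the invoice-plus-phone-number lure described above. It assumes attachment text has already been extracted upstream and uses constructed sample messages; the regexes and thresholds are illustrative assumptions, not a tested production rule set.

```python
import re
from typing import Dict, List, Tuple

# Regexes for the lure ingredients the post describes: billing language, a phone
# number, a unique reference ID and a "call us to cancel" prompt.
CHECKS = [
    ("billing language", re.compile(r"\b(invoice|subscription|renewal|charged|payment|receipt)\b", re.I)),
    ("phone number", re.compile(r"(?:\+?1[\s.-]?)?\(?\d{3}\)?[\s.-]?\d{3}[\s.-]?\d{4}\b")),
    ("unique reference id", re.compile(
        r"\b(?:invoice|order|transaction|reference|customer)\s*(?:id|no\.?|#|number)\s*[:#]?\s*[A-Z0-9-]{6,}", re.I)),
    ("call-to-cancel prompt", re.compile(
        r"\b(call|contact|dial|reach)\b[^.\n]{0,60}\b(cancel|refund|dispute|reverse)\b", re.I)),
]

def indicators(subject: str, body: str, attachments: Dict[str, str]) -> List[str]:
    """Names of lure indicators found in one message. `attachments` maps filename to
    text already extracted from it; PDF text extraction is assumed to happen upstream."""
    pdf_text = "\n".join(t for n, t in attachments.items() if n.lower().endswith(".pdf"))
    text = "\n".join([subject, body, pdf_text])  # the ID and number often live only in the PDF
    found = [name for name, rx in CHECKS if rx.search(text)]
    if pdf_text:
        found.append("pdf attachment")
    return found

def classify(subject: str, body: str, attachments: Dict[str, str]) -> Tuple[str, List[str]]:
    """Flag the full lure; hold partial matches (e.g. any real invoice) for a human check."""
    found = indicators(subject, body, attachments)
    if len(found) >= 4:
        return "likely callback phishing", found
    if len(found) >= 2:
        return "review", found
    return "clean", found

# Constructed samples (not real mail): the callback lure and an ordinary invoice.
SCAM = dict(
    subject="Your ExampleSoft Premium subscription has been renewed",
    body=("Thank you for your payment. Your annual plan was charged $399.99.\n"
          "Invoice ID: INV-48213-77\n"
          "If you did not authorize this charge, call +1 (800) 555-0142 within 24 hours to cancel and request a refund."),
    attachments={"Invoice_48213.pdf": "Invoice ID: INV-48213-77  Support line: 800-555-0142"},
)
LEGIT = dict(
    subject="Invoice 2291 for March consulting",
    body="Hi, invoice 2291 for March is attached. View and pay online at https://billing.example.com/inv/2291",
    attachments={"inv-2291.pdf": "Invoice #2291  Total due: $1,200.00"},
)

if __name__ == "__main__":
    for label, msg in (("scam", SCAM), ("legit", LEGIT)):
        print(label, classify(**msg))
```

The ordinary invoice still lands in "review", which mirrors the advice above: a real-looking invoice is checked against a known charge rather than trusted on sight.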