Mother Technologies would like to draw attention to a fraudulent wire transfer technique that some of our customers have recently encountered. The technique is called spear phishing.
Spear Phishing relies upon email messages posing as urgent communications from senior officers sent to lower level employees. The messages demand that employees wire funds to destination accounts provided in the message.
These emails can be very convincing and are typically sent to corporate executives, corporate finance personnel, or others likely to have roles in authorizing or executing accounts payable operations. We highly recommend making your employees aware of this threat and cautioning them against falling victim to these attacks.
How do you become a target of a spear phisher? It’s accomplished via perfectly innocent information you have made available on the internet.
For example, they might scan social networking sites, find your page, your email address, your contacts list. An attacker will use information sources (free and subscription-based) to build background knowledge of a target individual or organisation. This information found online is called Open Source Intelligence (OSINT) and the process of collecting it is known as Reconnaissance.
Organisations share information across the internet via their public website or social media sites. This information may be published by themselves or by their business partners. An attacker will aim to acquire as much information about a target as possible, as the more information they have available, the greater the chance the Spear Phishing email will be seen as a legitimate communication.
We are currently working with our software partners to improve the techniques used to detect and block these types of emails.
Please let us know if you have any questions or need our assistance.