Mother Technologies would like to draw attention to a fraudulent wire transfer technique that some of our customers have recently encountered. The technique is called spear phishing.
Spear Phishing relies upon email messages posing as urgent communications from senior officers sent to lower-level employees. The messages demand that employees wire funds to destination accounts provided in the message.
These emails can be very convincing and are typically sent to corporate executives, corporate finance personnel, or others likely to have roles in authorizing or executing accounts payable operations. We highly recommend making your employees aware of this threat and cautioning them against falling victim to these attacks.
Typical signs to look for, beyond the obvious tone of the demand, are:
Unusual or out of character emails sent from senior executives
An email address that closely impersonates your company’s domains
The body of the email instructs payment of all new or outstanding invoices via wire transfer to a new bank account
The body of the message may often include a fake, back-dated “original message” in an attempt to set the context of the transfer request
Attached to the email may be a PDF document containing wire transfer instructions, including bank name, account number, etc.
Wire transfer destinations typically include banks in the US, UK, China and Taiwan
The methods by which scammers accomplish this are:
Registration of “typo squatting” domains that for all intents and purposes look like the target company’s domain, but are subtly different. For example, the legitimate domain www.mybusiness.com would be registered as www.mybusiiness.com.
Creation of email accounts at the fake domain that mirror legitimate executive email accounts. For example, Joe.CEO@mybusiness.com would be created as Joe.CEO@mybusiiness.com, and the common name that appears on the email account would be identical to the original account, such as Joe CEO.
The attack often relies upon knowledge of key players within the company, which is used to craft emails that are highly convincing to the recipients. It also relies upon the fact that when the CEO asks you to do something, you do it without question.
Brief, urgent emails purporting to come from executives are sent to lower-level employees, demanding the transfer of funds and asking for progress updates on it, which makes the request appear more authentic.
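The two mechanisms above, a typo-squatted domain and an executive's display name on an outside address, can both be checked mechanically on the From: header before a message reaches the recipient. The following is an added illustration, not code from Mother Technologies or any of its software partners; it uses the mybusiness.com / mybusiiness.com example from this notice, and the executive directory, the sample headers and the edit-distance threshold of 2 are constructed assumptions for the demonstration.

```python
"""Triage the From: header of inbound mail for two spear-phishing tells:
a sender domain that is a near-miss of the company domain, and a display
name that matches a known executive while the address is external."""
from email.utils import parseaddr

COMPANY_DOMAIN = "mybusiness.com"  # legitimate domain used in the notice

# Constructed directory: lower-cased display name -> legitimate address.
EXECUTIVES = {
    "joe ceo": "joe.ceo@mybusiness.com",
}


def levenshtein(a: str, b: str) -> int:
    """Edit distance between two strings (single-row dynamic programme)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,            # deletion
                           cur[j - 1] + 1,         # insertion
                           prev[j - 1] + (ca != cb)))  # substitution
        prev = cur
    return prev[-1]


def classify_sender(from_header: str, max_distance: int = 2) -> str:
    """Return one of: internal, lookalike-domain,
    executive-name-mismatch, external, malformed."""
    name, addr = parseaddr(from_header)
    addr = addr.lower()
    if "@" not in addr:
        return "malformed"
    domain = addr.rsplit("@", 1)[1]
    if domain == COMPANY_DOMAIN:
        return "internal"
    # Typo-squat: within a couple of edits of the real domain but not equal.
    if levenshtein(domain, COMPANY_DOMAIN) <= max_distance:
        return "lookalike-domain"
    # Display-name impersonation: executive's name on a foreign address.
    key = name.strip().lower()
    if key in EXECUTIVES and EXECUTIVES[key] != addr:
        return "executive-name-mismatch"
    return "external"


def triage(from_headers):
    """Map each header to its verdict; callers can quarantine anything
    other than 'internal' or 'external' for human review."""
    return {h: classify_sender(h) for h in from_headers}


if __name__ == "__main__":
    # Constructed sample headers, including the notice's own example.
    samples = [
        "Joe CEO <Joe.CEO@mybusiness.com>",
        "Joe CEO <Joe.CEO@mybusiiness.com>",
        "Joe CEO <joe.ceo@gmail.com>",
        "Vendor Billing <ap@supplier-example.net>",
    ]
    for header, verdict in triage(samples).items():
        print(f"{verdict:25} {header}")
```

A distance of 2 catches one or two inserted, dropped or swapped characters, which is what the mybusiiness.com example relies on; a larger threshold starts matching unrelated short domains, so tune it against your own mail flow and pair it with a check of the Reply-To: header, which these messages frequently point elsewhere.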
Using Your Web Presence Against You
How do you become a target of a spear phisher? It’s accomplished via perfectly innocent information you have made available on the internet.
For example, they might scan social networking sites and find your page, your email address and your contacts list. An attacker will use information sources (free and subscription-based) to build background knowledge of a target individual or organisation. This information found online is called Open Source Intelligence (OSINT), and the process of collecting it is known as Reconnaissance.
Organisations share information across the internet via their public website or social media sites. This information may be published by themselves or by their business partners. An attacker will aim to acquire as much information about a target as possible, as the more information they have available, the greater the chance the Spear Phishing email will be seen as a legitimate communication.
We are currently working with our software partners to improve the techniques used to detect and block these types of emails.
Please let us know if you have any questions or need our assistance.