Vendors of major U.S. companies targeted in elaborate wire fraud scheme

Share this article:
Phishing emails use fake Mandiant China spy report bait to target victims
Attackers target third-party vendors in a wire fraud scheme against U.S. companies.

Using several tricks in the modern cyber con artist playbook – including phishing and email spoofing – a group of scammers thought to be based out of Nigeria are targeting third-party vendors in order to commit wire fraud against major U.S. companies.

Researchers with Ohio-based information security company TrustedSec have been following the group for longer than a month and observed the scammers successfully carrying out wire fraud attacks amounting to upwards of a million dollars, according to a Friday post.

“We were first notified of it last month and have seen a significant uptick and increase happening over that span,” David Kennedy, founder and principal security consultant of TrustedSec, told SCMagazine.com in a Tuesday email correspondence. “More than 15 large-sized companies [have been] affected that we can determine right now.”

Kennedy was not able to share the names of the targeted or impacted organizations, but he said these are hundred million dollar companies – some of which are in the Fortune 50 – based out of the United States and typically having an international presence.

Understanding the attack and remaining vigilant are key to avoiding the threat.

The attack generally begins with the scammers using social engineering to compromise a third-party vendor or partner email address in the accounts payable or invoicing department, according to the post, which adds that a domain name very similar to the vendor or partner is also registered.

Next, authentic looking communications, coming from the vendor or partner and containing legitimate signatures, are sent to the U.S. companies, according to the post, which explains that at some point the attackers slowly begin shifting over to the similar, yet phony domain.

It is then that the attackers begin requesting refunds, change orders, or lines of credit, according to the post, which adds that, if unsuccessful, the group will spoof emails from within the targeted company in order to authorize the transfers.

In some instances the scammers have even turned to social engineering via phone, the post adds, explaining that the attackers are very articulate, have little to no accent, and are persistent, meaning they will be pushy and become frustrated that the employee is wasting time.

Kennedy said that these fairly sophisticated attackers are having such good success with this scam because they are taking advantage of established relationships, built on trust, between companies and vendors.

“The scary part with this one is that they are using already trusted third parties and already have knowledge of certain financials from these companies,” Kennedy said. “The wire transfers are initiated because they already have a trust relationship with the company.”

TrustedSec has notified law enforcement and an investigation is ongoing.

Share this article:
You must be a registered member of SC Magazine to post a comment.

Sign up to our newsletters

More in News

Company news: New hires at Accuvant, ZeroFox and ThreatStream

New hires at Accuvant, ZeroFOX and ThreatStream, while a divestiture at Juniper and an acquisition for BlackBerry.

News briefs: The latest on Sony, Android, Backoff malware and more.

News briefs: The latest on Sony, Android, Backoff ...

This month's news briefs cover a preliminary settlement Sony will bear for the exposure of 77 million customers, and more.

CryptoWall surpasses CryptoLocker in infection rates

CryptoWall surpasses CryptoLocker in infection rates

A threat analysis from Dell SecureWorks CTU says that CryptoWall has picked up where its famous sibling left off.