Vendors of major U.S. companies targeted in elaborate wire fraud scheme

Share this article:
Phishing emails use fake Mandiant China spy report bait to target victims
Attackers target third-party vendors in a wire fraud scheme against U.S. companies.

Using several tricks in the modern cyber con artist playbook – including phishing and email spoofing – a group of scammers thought to be based out of Nigeria are targeting third-party vendors in order to commit wire fraud against major U.S. companies.

Researchers with Ohio-based information security company TrustedSec have been following the group for longer than a month and observed the scammers successfully carrying out wire fraud attacks amounting to upwards of a million dollars, according to a Friday post.

“We were first notified of it last month and have seen a significant uptick and increase happening over that span,” David Kennedy, founder and principal security consultant of TrustedSec, told SCMagazine.com in a Tuesday email correspondence. “More than 15 large-sized companies [have been] affected that we can determine right now.”

Kennedy was not able to share the names of the targeted or impacted organizations, but he said these are hundred million dollar companies – some of which are in the Fortune 50 – based out of the United States and typically having an international presence.

Understanding the attack and remaining vigilant are key to avoiding the threat.

The attack generally begins with the scammers using social engineering to compromise a third-party vendor or partner email address in the accounts payable or invoicing department, according to the post, which adds that a domain name very similar to the vendor or partner is also registered.

Next, authentic looking communications, coming from the vendor or partner and containing legitimate signatures, are sent to the U.S. companies, according to the post, which explains that at some point the attackers slowly begin shifting over to the similar, yet phony domain.

It is then that the attackers begin requesting refunds, change orders, or lines of credit, according to the post, which adds that, if unsuccessful, the group will spoof emails from within the targeted company in order to authorize the transfers.

In some instances the scammers have even turned to social engineering via phone, the post adds, explaining that the attackers are very articulate, have little to no accent, and are persistent, meaning they will be pushy and become frustrated that the employee is wasting time.

Kennedy said that these fairly sophisticated attackers are having such good success with this scam because they are taking advantage of established relationships, built on trust, between companies and vendors.

“The scary part with this one is that they are using already trusted third parties and already have knowledge of certain financials from these companies,” Kennedy said. “The wire transfers are initiated because they already have a trust relationship with the company.”

TrustedSec has notified law enforcement and an investigation is ongoing.

Share this article:

Sign up to our newsletters

More in News

Firefox 32 feature could cut undetected malware downloads 'in half'

Mozilla plans to introduce a feature in Firefox 32 that, based on preliminary testing, could cut the amount of undetected malware downloads in half.

EFF asks court to find NSA internet spying a violation of Fourth Amendment

EFF asks court to find NSA internet spying ...

Complete with a colorful graphic, the EFF showed a federal court how the NSA essentially runs a digital dragnet that can pick up innocent Americans.

Study: Asian Android users at higher risk of malware exposure

Cheetah Mobile's new study showed that Asian Android users have a two to three times greater risk of downloading malware onto their devices.