US Companies Warned of New Type of Email Fraud
US companies have been warned of a fraudulent campaign using tactics similar to those of compromised email attacks (vecs). However, instead of focusing on stealing funds, the cybercriminals behind these attacks are targeting the goods produced or supplied by the victims.
The Federal Bureau of Investigation (FBI) has issued the warning on the frequent cases of fraud using fake purchases and sales schemes to obtain a variety of goods from suppliers across the country. The attackers use fake email domains that look like those of large American companies, creating fake invoices to initiate wholesale purchases.
The attackers carefully choose the name of the sender and other details in emails, often impersonating current or former employees of imitated companies to create a more believable attack.
According to the FBI, victims think they are performing legitimate business operations but in reality, they are falling victim to scammers. Losses from such fraudulent schemes reached $2.4 billion per 20,000 recorded complaints in 2021 alone in the United States.
Although the technical skills necessary for falsification of the email address, the actors of these harmful campaigns have a lot of experience in this area. The FBI recommends that large suppliers and other sellers always check the sender’s email before confirming their transaction. Reliable information about the buyer can be obtained from a reliable source like the company’s website, social networks, or online data databases.
Calling the company directly to verify information is also recommended, especially if the sender’s details seem suspicious.