Organized Crime Group Scams US Companies Out Of Millions

  /     /     /  
Publicated : 22/11/2024   Category : security


Organized Crime Group Scams US Companies Out Of Millions


Social engineering attack tricks companies into large wire transfers.



An organized crime group has spent the last month defrauding US companies, fooling them into making large wire transfers into fake partners accounts.
According to a
blog posted Friday by researchers at security firm TrustedSec
, the crime group is conducting a major offensive against US firms using a sophisticated social engineering attack that appears to be a request for funds from one of the victim companies legitimate partners. The attacks have a high rate of success, often fooling enterprises into sending amounts of $50,000 to $1 million, the blog says.
A number of companies are still unaware that they have been victims of this attack, TrustedSec says.
The attack works in much the same way as a traditional phishing attack, only the stakes are much higher. The attacker compromises an email account in the victims accounting department -- or that of the business partner -- and then registers an Internet domain that is very similar to the partners legitimate domain name.
The attacker will establish communications with the victim using the partners email credentials, often communicating via legitimate company letterhead with legitimate signatures. Initially, the communications may include the legitimate domain names.
Once communications have been established, the attacker will then submit requests for funds, change orders, or lines of credit from the victim company, TrustedSec says. If the initial requests dont work, the attacker may spoof emails to authorize the funds transfer or conduct a convincing social engineering attack over the phone.
The attackers often are successful in getting wire transfers to the fake domains, the blog says. A large number of the transfers are processed by banks in China.
Note that the attackers are persistent; they use emotional triggers in order to entice the affected company to expedite the fraudulent requests, says TrustedSec. They will become agitated, demand that it be expedited and even spoof emails coming from internal employees to coax the company to hurrying the process. They will also target your company again if successful.
IT organizations should warn their accounting departments about this fraud and verify all transactions with third-party partners and vendors, TrustedSec advices.

Last News

▸ Hack Your Hotel Room ◂
Discovered: 23/12/2024
Category: security

▸ Website hacks happened during World Cup final. ◂
Discovered: 23/12/2024
Category: security

▸ Criminal Possession of Government-Grade Stealth Malware ◂
Discovered: 23/12/2024
Category: security


Cyber Security Categories
Google Dorks Database
Exploits Vulnerability
Exploit Shellcodes

CVE List
Tools/Apps
News/Aarticles

Phishing Database
Deepfake Detection
Trends/Statistics & Live Infos



Tags:
Organized Crime Group Scams US Companies Out Of Millions