BEC Scammers Employ New Tactic to Target Customers

Oftentimes, BEC scammers target a company by attempting to convince an employee to divulge information or divert funds to an account under the scammer’s control; however, recent attacks highlight a new tactic. BEC scammers are now engaging with companies to obtain information on their customers in order to target those customers instead. In one campaign, the scammers pose as a CEO and ask an employee to provide an “aging report” detailing customers’ overdue invoice payments. They can then use this information to target the customers, requesting that invoices be paid to an account under the scammer’s control. The scammers can entice the customer to pay by offering a reduction on the total amount due.

The NJCCIC recommends users exercise caution when choosing to respond to emails requesting sensitive information, ensuring the request is legitimate by contacting the requestor via a separate means of communication. Additionally, users are advised to refrain from acting on emails requesting payment and, instead, call the company directly to make a payment or visit the company’s official website by manually typing the URL into the address bar of a browser. Maintaining awareness of this and similar threats can help to reduce victimization. Please see the Agari article for more information on this tactic.
