Skip to content
Search
  • There are no suggestions because the search field is empty.
Cancel
Get Started Now

    Security Awareness Training Blog

    BEC = “Because it’s Easy Cash” Scammers Trick Employees Into Giving Away Customer Info

    aging-report

    Business Email Compromise—also known as CEO Fraud—scammers are now targeting a company's customers using a new indirect attack method designed to collect information on future scam targets by asking for aging reports from collections personnel.

    Aging reports, also known as a schedule of accounts receivable, are sets of outstanding invoices which allow a company's financial department to keep track of customers who haven't yet paid services or goods they were allowed to buy on credit.

    "It’s an essential tool for both accounts and management to maintain an overview of their credit and collection processes, and breaks down outstanding debts into thirty-day increments, culminating with payments that are more than ninety days overdue," says Agari threat researcher James Linton.

    BEC (also known as Email Account Compromise - EAC) fraud schemes are scams through which crooks trick organizations' employees into wiring money to entities they trust but whose bank accounts were swapped with ones controlled by the crooks.

    BEC attacks have seen an explosive Q4 476% YoY growth

    The attackers have been intercepted by Agari Cyber Intelligence Division (ACID) while posing as CEOs of targeted companies and requesting information from employees on invoices that are overdue for payment in the form of an aging report.

    Name deception and free email accounts were used by the crooks in their attempt to deceive company employees to follow up to their demand for company records.

    Not asking for payments straight out is exactly what makes this new BEC attack so unusual seeing that, in most other similar scams, financial department employees are asked to send payments to attacker-controlled bank accounts.

    BEC attacks have also seen an explosive 476% growth between Q4 2017 and Q4 2018, with the total number of email fraud attempts against organizations increasing by 226% QoQ as detailed in a Proofpoint report from January. Story at Bleepingcomputer:

    ttps://www.bleepingcomputer.com/news/security/bec-scammers-trick-employees-into-giving-away-customer-info/

    Get Your CEO Fraud Prevention Manual

    CEO-Fraud-PagesCEO fraud has ruined the careers of many executives and loyal employees. Don’t be next victim. This manual provides a thorough overview of how executives are compromised, how to prevent such an attack and what to do if you become a victim.

    Get Your Manual

    PS: Don't like to click on redirected buttons? Copy and paste this link in your browser:

    https://info.knowbe4.com/ceo-fraud-prevention-manual

     

     

    Return To KnowBe4 Security Blog

    Topics: Phishing, Security Awareness Training, CEO Fraud

    Stu Sjouwerman

    ABOUT STU SJOUWERMAN

    Stu Sjouwerman (pronounced “shower-man”) is the founder and CEO of KnowBe4, Inc., which hosts the world’s most popular integrated security awareness training and simulated phishing platform, with over 54,000 organization customers and more than 50 million users. A serial entrepreneur and data security expert with 30 years in the IT industry, Stu was the co-founder of Inc. 500 company Sunbelt Software, a multiple award-winning anti-malware software company that was acquired in 2010.

    Read more from Stu »

    Subscribe to Our Blog


    Security Awareness Training
    Blog RSS Feed
    Comprehensive Anti-Phishing Guide
    All Posts

    Posts by Tag

    See all

    Posts By Topic

    View All

    Get the latest about social engineering

    Subscribe to CyberheistNews