Hackers Request Aging Reports to Identify Their Next CEO Fraud Victims for Them



Rather than attempt to hack user credentials and gain access to Accounts Payable applications, hackers are now impersonating the CFO and obtaining all the detail they need to launch a scam.

In a decidedly smart move, hackers are now shifting tactics to make it easier to build a list of potential victims to defraud through false wire transfers. Traditionally, this is accomplished by hacking into the AR application from company “A”, and then phishing the AP department in company “B” to trick them into modifying banking details to a hacker-controlled bank account.

In a new twist, hackers impersonate the CFO of company A and request an updated aging report – a list of outstanding invoices – together with up-to-date contact details for each of the customers with unpaid overdue invoices.

So, by doing little more than pretending to be the CFO via email, hackers are handed a list of their potential victims. The next stage in the attack would be to pretend to be the AR department in company A and email each of the individuals identified in the aging report, asking them to pay their invoice and use new banking details.

Organizations need to have processes in place whenever any kind of information is requested relating to payments – whether those that need to be paid or those that should be received. Hackers are constantly looking for new ways to extract this information to use for their own purposes.
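One way to back such a process with a mail-triage check is sketched below. It is an added example, not part of the original post, and it flags receivables-data requests for out-of-band verification. The internal domain, the executive name, the keyword list and the sample messages are all constructed assumptions, as is the idea that the impersonation shows up as an executive display name on an external address or a mismatched Reply-To.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumptions for this example (not from the post): protected domain and names.
INTERNAL_DOMAIN = "company-a.example"
EXECUTIVES = {"dana reyes"}  # constructed CFO name
AR_TERMS = re.compile(
    r"aging report|aged receivables|outstanding invoices|overdue invoices", re.I)

def domain_of(header_value):
    """Lowercase domain of the address in a From/Reply-To header ('' if absent)."""
    _, addr = parseaddr(header_value or "")
    return addr.rpartition("@")[2].lower()

def triage(raw_message):
    """Return the reasons a message needs out-of-band verification (may be empty)."""
    msg = message_from_string(raw_message)
    display_name, _ = parseaddr(msg.get("From", ""))
    from_domain = domain_of(msg.get("From"))
    reply_domain = domain_of(msg.get("Reply-To"))
    body = "".join(p.get_payload() for p in msg.walk() if not p.is_multipart())
    if not AR_TERMS.search(msg.get("Subject", "") + "\n" + body):
        return []  # not a request for receivables data
    reasons = ["requests receivables data"]
    if display_name.strip().lower() in EXECUTIVES and from_domain != INTERNAL_DOMAIN:
        reasons.append("executive display name on external address")
    if reply_domain and reply_domain != from_domain:
        reasons.append("Reply-To domain differs from From domain")
    return reasons

# Constructed sample messages.
SPOOFED = """From: Dana Reyes <dana.reyes@company-a-finance.example>
Reply-To: d.reyes@mailbox.example
To: ar@company-a.example
Subject: Updated aging report needed today

Please send the latest aging report with current contact details per customer.
"""
INTERNAL = """From: Dana Reyes <dana.reyes@company-a.example>
To: ar@company-a.example
Subject: Aging report for the quarterly review

Please share it when ready.
"""

if __name__ == "__main__":
    for name, raw in (("spoofed", SPOOFED), ("internal", INTERNAL)):
        print(name, triage(raw))
```

Even the internal message returns one reason, so every request for this data goes through the verification step rather than only the obviously suspicious ones.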

Putting Security Awareness Training in place helps to educate users in these departments about scams that target financial data, details, and transactions. It’s imperative that anyone touching any part of an organization’s financials should continually undergo this form of training to avoid exposing the company to risk of fraud and theft.


Get Your CEO Fraud Prevention Manual

CEO fraud has ruined the careers of many executives and loyal employees, causing over $26 billion in losses. Don’t be the next victim. This manual provides a thorough overview of how executives are compromised, how to prevent such an attack and what to do if you become a victim.

Get Your Manual

PS: Don't like to click on redirected buttons? Cut & Paste this link in your browser:

https://info.knowbe4.com/ceo-fraud-prevention-manual
