Hi Scott,

The bank account would be controlled by the fraudsters (most likely using a mule's account). The idea is that with the number of invoices that go through any organisation on a monthly basis, they can simply slip in an invoice for a supplier that you may or may not recognise purporting to be an approved expense from an officer of the company that they've looked up online.

Another version of this has the fraudster requesting/approving an update to an existing vendor's BSB and account number, so that all invoices coming from them from that moment on get paid to the fraudster's account instead, but that requires a bit more research as they'll need to be aware of vendors that you are actively working with - that would be more of an indication that an organisation's email was compromised first (or that they have some other vector for obtaining this information). In some cases they may just use industry knowledge to guess at major suppliers.

I would guess (but don't personally know) that the fraudsters engineer sufficient distance between the account holder and themselves so as to not be particularly concerned about enforcement action, and I suspect not a lot of these cases end up getting reported anyway. It's an interesting question as you'd think bank KYC regulation would help to protect against these scams.

There's some more information about these schemes here: https://www.scamwatch.gov.au/types-of-scams/buying-or-selling/false-billing

On Mon, Feb 4, 2019 at 11:42 AM Scott Wilson <siri...@gmail.com> wrote:
> Morning all,
>
> Just got my first ever "live" spear phishing attack - an email slipped
> through purporting to be from our MD to our CFO, asking for a $14k invoice
> to be paid. They've named an Australian BSB and account #, so I'm curious
> as to what the attack vector is - is that bank account compromised? Do they
> rely on a bounceback after a few days and then follow up with "oh,
> actually, that should have gone via western union..." or is there something
> more sophisticated at work?
> _______________________________________________
> AusNOG mailing list
> AusNOG@lists.ausnog.net
> http://lists.ausnog.net/mailman/listinfo/ausnog
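The two schemes described in the thread (an invoice for an unrecognised supplier, and an emailed request to change a known vendor's BSB/account) both come down to a payment whose bank details were never confirmed against a trusted record. Below is an added example, not code from anyone on the list, of the kind of pre-payment screening a finance team could run: it holds any invoice whose vendor is unknown, whose BSB is malformed, whose bank details differ from the vendor register, or whose approver is not on the authorised list, and it keeps a changed BSB/account on hold until someone confirms it with the vendor out of band. The vendor register, approver list and account numbers are constructed sample data.

```python
import re
from dataclasses import dataclass

# Australian BSB: six digits, conventionally written XXX-XXX.
BSB_RE = re.compile(r"^\d{3}-?\d{3}$")


@dataclass(frozen=True)
class BankDetails:
    bsb: str
    account: str

    def normalised(self):
        return (self.bsb.replace("-", ""), self.account.replace(" ", ""))


@dataclass
class VendorRecord:
    bank: BankDetails
    verified: bool = True  # details confirmed via a contact already on file, not from the email


# Constructed sample data: the vendor register and the officers allowed to approve payments.
REGISTER = {"acme widgets": VendorRecord(BankDetails("062-000", "12345678"))}
APPROVERS = {"cfo@example.com", "md@example.com"}


def request_bank_change(register, vendor, new_bank):
    """Record an emailed BSB/account change, but leave it unverified so payments are held."""
    rec = register[vendor.casefold()]
    rec.bank = new_bank
    rec.verified = False


def confirm_bank_change(register, vendor):
    """Call this only after finance has confirmed the change with the vendor out of band."""
    register[vendor.casefold()].verified = True


def screen_invoice(register, approvers, vendor, bank, approver):
    """Return the reasons to hold a payment; an empty list means it may proceed."""
    holds = []
    if not BSB_RE.match(bank.bsb):
        holds.append("malformed BSB")
    rec = register.get(vendor.casefold())
    if rec is None:
        holds.append("vendor not in register")
    else:
        if rec.bank.normalised() != bank.normalised():
            holds.append("bank details differ from vendor record")
        if not rec.verified:
            holds.append("vendor bank details awaiting out-of-band confirmation")
    if approver.casefold() not in approvers:
        holds.append("approver not on authorised list")
    return holds
```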