Wed, Aug 23, 2017
MD|DC CUA wants to alert you to an email scam that it has been made aware of by the Illinois Credit Union League after several of their credit unions were targeted. The FBI has issued warnings of a new type of business email compromise scam, (BEC scam or CEO Fraud), in which the attacker spoofs the boss and tricks an employee at an organization into wiring funds to the fraudster.
In Illinois, an email was sent to the treasurer of one of the Illinois chapters from an employee at another credit union in the chapter asking for payment for a vendor invoice. Fortunately the recipient, the Chapter Treasurer, did the right thing and asked questions.
Unlike traditional phishing scams, spoofed emails used in BEC fraud schemes rarely set off spam traps because these are targeted phishing scams that are not mass e-mailed. It is unknown how victims are chosen. Fraudsters take the time to understand the target organization’s relationships, activities, interests and travel and/or purchasing plans.
They do this by scraping employee email addresses and other information from the target’s website to help make the communications more convincing. In the case where executives or employees have their inboxes compromised by the thieves, the fraudsters will search the victim’s email for certain key words like “invoice,” “deposit” and “president.”
There is an article available which describes the different BEC schemes.
Please contact MD|DCUA if you have any questions regarding this email scam.