**Security Alert** Business Email Compromise & Fake Invoice Fraud

curo security

Businesses are being scammed out of millions through Fake Invoice Fraud. Make sure you stay ahead of the cybercriminals and look out for:

• Fake Invoice Fraud

• Spoof Payment Requests 

• Emails To Notify Of New Bank Details

• Legitimate Looking Domains Claiming Transaction Failures

Fraudsters are going into overdrive fooling businesses with FAKE INVOICE FRAUD: they impersonate suppliers or service providers in a spoof email, referring to a real invoice or creating a new one.
These criminals may have purchased a domain similar to the domain of the legitimate supplier, or contacted staff in advance to obtain information about your company so that their email appears more credible.
If you received an email from @curosupportdesk, for example, the similarities to Curo Support mean you may not question who is actually sending it!
Please be on the alert for Spoof Payment Requests, even if they look like they are from a known business you deal with, and for claims that transactions have failed and bank details have changed. As best practice, we advise that any request to make payment to new bank details be validated via communication with a contact at your supplier.
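
The lookalike-domain trick described above can be screened for mechanically before a payment request reaches accounts staff. The following Python sketch is an added example, not code from the original alert; the supplier list, the `.example` domains and the function names are constructed for illustration.

```python
from email.utils import parseaddr

# Constructed supplier domains already on file (assumption, not from the alert).
KNOWN_SUPPLIERS = {"curosupport.example", "northwind-freight.example"}

def sender_domain(from_header):
    """Domain part of a From: header value, lower-cased."""
    return parseaddr(from_header)[1].rpartition("@")[2].lower()

def skeleton(domain):
    """Name without the TLD, hyphens dropped, common look-alike swaps folded."""
    name = domain.rsplit(".", 1)[0].replace("-", "")
    for fake, real in (("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l")):
        name = name.replace(fake, real)
    return name

def edit_distance(a, b):
    """Levenshtein distance using two-row dynamic programming."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(from_header, known=KNOWN_SUPPLIERS):
    """Return (verdict, supplier domain the sender matches or resembles)."""
    dom = sender_domain(from_header)
    if not dom:
        return ("unknown", None)
    for k in known:
        # Exact domain, or a subdomain of it, is a domain match.
        if dom == k or dom.endswith("." + k):
            return ("trusted", k)
    for k in sorted(known):
        s, t = skeleton(dom), skeleton(k)
        # Near miss, or the supplier's name embedded in a longer name
        # (the "curosupportdesk" versus "Curo Support" case).
        if edit_distance(s, t) <= 2 or t in s:
            return ("lookalike", k)
    return ("unknown", None)
```

A "trusted" verdict only means the sender domain matches one on file; a request to pay into new bank details should still be validated with a contact at the supplier.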

Business Email Compromise (BEC)

We recently sent out an alert on the latest RANSOMWARE attack that companies were being hit by. We worked directly with our security providers and made sure our customers had immediate access to the security update as soon as it was available.
However, attacks are not always just malicious code. Some threats are sophisticated scams that exploit a business, and they are currently costing businesses millions.

Business Email Compromise (BEC) commonly begins with a cybercriminal gaining access to an executive or CEO inbox using malware, and then sending emails from this account. Emails from the ‘CEO’ are then sent requesting funds to be transferred or fake invoices to be paid, with the money going into an account created by the criminal. These businesses will have been monitored to ensure the emails sound as legitimate as possible, and considering that transferring funds is an everyday task, these emails may never be questioned. Cybercriminals can also intercept email and, for example, change the bank details in the email thread.

Money is not the only goal for these criminals. Once they have a CEO inbox, they are able to request highly sensitive data, which could be the start of an even greater fraud.

SMEs are being hit by more Cyber Attacks than ever before, leading to the theft, damage, or disruption of business assets and data. We are dedicated to keeping our customers up to date with the latest security strategies and implementations, meaning they can work safely in the knowledge they have first-class defences protecting them from the ever-increasing malicious cyber landscape.

If you do receive an email you believe to be bogus, or one you would like a second opinion on, please contact us.