I’ve written about phishing before, but it’s worth revisiting as the frequency of these attacks is only increasing.
Recently, a client of ours forwarded an email to us from one of their customers. Someone impersonating our client was emailing their customer list, probing for targets.
This is the email itself. The impersonator spoofed the email to make it seem as though it came from our client, but with small, subtle differences (more on that later).
Greetings, Due to missing invoices and files on our system database, can you please confirm to me the status of any outstanding/due payments? If there are any please get back to us at the earliest with the total amount outstanding with corresponding due dates respectively. Kindly advise as soon as possible because there has been a new development in our company so please let me know if there are any outstanding payment.NOTE- . Kindly note that owing to Tax clearance issues resulting to Audit status on our account, the Board and our bank has mandated that payments in our favor henceforth to be received using our subsidiary banking details. Following this development, we advise that you reply immediately the status of outstanding payments and due date and also you wait to hear from us before making any further payment.Thank you in anticipation for your reply.
If you read the email above, it looks almost legitimate. You may be asking yourself right now, “Why would they make small mistakes? Are they just sloppy, or is there a reason?” They aren’t being sloppy. While some of the poor grammar can be explained by assuming English is not the attacker’s native language, most of the time the mistakes are there as a sort of filter: they select for the people who are more susceptible to this scam, which makes those people a more worthwhile target. This technique is similar to the “Nigerian prince” scam (for the nerdy details, see Why Do Nigerian Scammers Say They are From Nigeria?).
Notice how the email doesn’t flat out ask for any sensitive data, only for the customer to reach out and confirm the “status of due payments”. The people who reply are handed to the next level of attacker, who socially engineers more information out of the customer.
Pretty sneaky, right? Sometimes the email looks like it came from HR, or a supplier, or a fellow employee. The key is to not blindly trust the email’s sender information and content.
To avoid these scams, inspect emails like this closely, and make sure to contact the legitimate company with which you have a relationship to verify the communication. Do not rely on the phone number or links within that email.
Lastly, it’s important not to just let these phishing attempts slide. Report phishing to the proper authorities. Follow these links:
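Inspecting the sender information closely can be done mechanically before a human ever reads the body. The script below is an added example, not part of the original post: it parses a constructed raw message and flags the tells that appear in spoofed mail of this kind, such as a display name that shows a different address than the one mail actually comes from, a Reply-To that diverts replies elsewhere, a Return-Path from another domain, a failed SPF/DKIM/DMARC result recorded by the receiving mail server, and a sender domain that is a near-miss of a partner domain you really do business with. The partner domain, the message and its headers are all made-up sample values.

```python
"""Flag common sender-spoofing tells in an email's headers.

Added example, not code from the original post. The partner domain and the
raw message below are constructed sample values.
"""
import email
from email.utils import parseaddr

# Domain of the company the recipient really does business with
# (constructed value for this example).
KNOWN_PARTNER_DOMAIN = "example-supplier.com"

# Constructed sample message: the display name shows the partner's real
# address, the actual sender domain is a lookalike ("suppiler"), replies are
# diverted via Reply-To, and the receiving server recorded an SPF failure.
SAMPLE_RAW_EMAIL = """\
From: "billing@example-supplier.com" <billing@example-suppiler.com>
Reply-To: accounts.payable@mail-relay.example.net
Return-Path: <bounce@mail-relay.example.net>
Authentication-Results: mx.example.org; spf=fail smtp.mailfrom=mail-relay.example.net; dkim=none
To: ap@customer.example.org
Subject: Outstanding invoices

Greetings, due to missing invoices on our system, please confirm the status of any outstanding payments.
"""


def _domain(address: str) -> str:
    """Return the lower-cased domain of an address header value ('' if none)."""
    _, addr = parseaddr(address)
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""


def levenshtein(a: str, b: str) -> int:
    """Plain edit distance; used to spot lookalike domains a few characters off."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def inspect_sender(raw_message: str, partner_domain: str) -> list:
    """Return a list of finding codes for the message's sender-related headers."""
    msg = email.message_from_string(raw_message)
    display_name, from_addr = parseaddr(msg.get("From", ""))
    from_domain = _domain(from_addr)
    findings = []

    # 1. The display name carries an address whose domain differs from the real one.
    name_domain = _domain(display_name)
    if name_domain and name_domain != from_domain:
        findings.append("display-name-mismatch")

    # 2. Replies would go to a different domain than the one the mail claims to be from.
    reply_domain = _domain(msg.get("Reply-To", ""))
    if reply_domain and reply_domain != from_domain:
        findings.append("reply-to-mismatch")

    # 3. Bounce address (envelope sender) belongs to another domain.
    return_domain = _domain(msg.get("Return-Path", ""))
    if return_domain and return_domain != from_domain:
        findings.append("return-path-mismatch")

    # 4. The receiving server's own authentication verdicts recorded a failure.
    auth = msg.get("Authentication-Results", "").lower()
    if any(tag in auth for tag in ("spf=fail", "spf=softfail", "dkim=fail", "dmarc=fail")):
        findings.append("auth-fail")

    # 5. Sender domain is a near-miss of a partner domain we actually deal with.
    distance = levenshtein(from_domain, partner_domain.lower())
    if 0 < distance <= 2:
        findings.append("lookalike-domain")

    return findings


if __name__ == "__main__":
    for code in inspect_sender(SAMPLE_RAW_EMAIL, KNOWN_PARTNER_DOMAIN):
        print("suspicious:", code)
```

Any one of these findings is reason to pick up the phone and call the company at a number you already have on file rather than replying; the "lookalike-domain" check is deliberately narrow (one or two characters off) so it catches the "suppiler"-style swap without flagging every unrelated domain.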