Go to the U of M home page

Monday, November 9, 2015

Advisory: Wire Transfer Scams

Most phishing appears to be aimed at stealing email credentials to use for spamming, but occasionally the phishers have a more sophisticated strategy, namely using a stolen account for malicious financial purposes.

Some phishers are looking to hijack accounts they can use to extract payments from University departments - using the account to send requests, sometimes quite insistent, to request fund transfers.

A typical scenario:
  • Victim receives a "shared google document" and "logs in", giving up their ID and password.
  • Phisher researches the victim's email account (by reading their email) to learn more.
  • Phisher notes the victim has a position likely to involve finances.
  • Phisher adds filters to hide messages in folders without landing in victim's inbox.
  • Once the phisher is ready, they use the account to send invoices or other messages to relevant contacts in the victim's mail, requesting money be directed to a bank account they control. Filters divert responses into a folder (or to another email account) so the victim does not see the exchange.
The good news is, we have yet to see this scenario succeed. So far in all cases reported, the requests have been resisted and no money has been reported lost.

Best practices:

  1. Be sure your department has established procedures for all financial transactions, and stick to them.
  2. Treat unusual, hurried and insistent requests with suspicion. "Is this the way Professor Smith normally acts?"
  3. Use other means of communication than email to confirm unusual requests. Make a phone call, or ask in a face-to-face conversation.

No comments:

Post a Comment

Note: Only a member of this blog may post a comment.