Cybercriminals resort to all types of cheap tricks to get their hands on some money and researchers have noticed recently an increase of fake wire transfer requests coming from alleged company CEOs and executives, targeting employees in finance departments.

This is not a new tactic, but it appears that it is an efficient one, and some variations exist to make the request seem genuine. The scheme is bold and quite simple, which is perhaps why some recipients fall for the trick.

Researchers at Symantec caught multiple emails that urge the recipient, who generally has the ability to make payments, to initiate the procedure for transferring money into specific accounts as payment for fictitious goods delivered by a reputed entity on credit.

Employees make deposits straight into the crooks' accounts

To achieve their purpose, sometimes scammers also resort to registering domain names that can be easily mistaken for those of an organization they try to impersonate. Moreover, they prepare the message so that it appears to be part of a previous conversation, increasing the trust of the potential victim.

Then they deliver an email posing as a member of the upper management of the company and require a wire transfer from the victimized entity.

The message often contains an attachment with a document offering clear instructions about the transaction (bank account number, business identifier code, credit amount and the details about the credited entity).

“During our analysis, we noticed that the scammers are sending the emails out on the same day that they are registering the domains. This is likely in the hope that they can extract payment before the domain is reported and suspended,” Sean Butler from Symantec said in a blog post.

Spoofing the sender’s address is also employed as a means to gain the trust of the receiver. However, upon replying to the email the potential victim should be able to notice that the recipient is reached via a webmail address, not a business one.

In the end, employees in the accounting department of a company deposit the money into the bank accounts controlled by the fraudsters.
Evolved Nigerian scam is also en vogues these days

In a recent form of a complex Nigerian scam observed by the FBI, fraudsters impersonate reputed educational institutions to obtain different kinds of items from retailers on a 30-day credit.

The merchandise is then shipped to Nigeria through an accomplice that is unaware of taking part in the scheme. Once they get overseas, the items are rarely recovered.

The Bureau informs that this kind of deceit has been carried out against a total of 250 vendors in the US in the past two years, and led to an estimated $5 / €3.937 million in losses.