Educause Security Discussion mailing list archives
Targeted Spearphish attacks impersonating dept heads, directors
From: randy <marchany () VT EDU>
Date: Fri, 14 Sep 2018 14:35:53 -0400
One of my analysts sent this out to our local techie list. I thought the info in it would be appropriate for this list. FYI.

---------------

The Security Office has noticed a number of Business E-mail Compromise (BEC) phishing emails recently and wanted to make sure the Techsupport community was aware. These emails generally are from a spoofed VT email address that is masquerading as a Department Head or Director. They generally target individuals that are related to purchasing or finance within the group. The spear-phishing attempts leverage publicly available information.

It works as follows. The spoofed email from a higher up will ask the employee to pay some invoice or purchase something from a particular vendor. The higher up is in a meeting and will be tied up all day long but this is a high priority rush, can the employee take care of it immediately. When the employee responds, a back and forth communication can happen where they try to persuade the employee to complete the transaction. Usually the invoice that the scammer creates will be a valid business that the Department already uses or is familiar with. The payment routing is generally to an individual involved in the scam.

There are some interesting variations we've seen on these. In a few, they've asked to purchase gift cards that they want to use as giveaways or as prizes for some upcoming event. Some have been to make online purchases and ship directly to individuals.

In all of these cases, the scammers have done a lot of research including the VT and Departmental websites, State procurement records, LinkedIn and other similar sites. They identify the relationships in a department and can target the right individuals that have access to make payments.

The FBI has a page on this:
https://www.fbi.gov/news/stories/business-e-mail-compromise-on-the-rise

And here are some additional links with more information and examples of companies that have fallen prey to this.
https://www.trendmicro.com/vinfo/us/security/definition/business-email-compromise-(bec)
https://resources.infosecinstitute.com/5-real-world-examples-business-email-compromise/

Thank you,
Jeff Lang

---------------------------------------------------
Jeffry Lang
IT Security Operations (0284)
1300 Torgersen Hall, Virginia Tech
620 Drillfield Dr.
Blacksburg VA 24061
540-231-4117
jefflang () vt edu
--------------------------------------------------
Current thread:
- Targeted Spearphish attacks impersonating dept heads, directors randy (Sep 14)
- Re: Targeted Spearphish attacks impersonating dept heads, directors Bryce Porter (Sep 15)
- <Possible follow-ups>
- Re: Targeted Spearphish attacks impersonating dept heads, directors Joseph Tam (Sep 17)