Compromised email scams targeting Australian business
The ACSC has reported an increase in scams using compromised emails targeting businesses in Australia, particularly around invoicing and payments.
This type of scam is often highly targeted, with hackers thoroughly researching an organisation and its staff before sending anything.
Typically, emails that appear to be from the CEO are sent to the head of finance, with directions to pay an invoice or transfer a substantial sum. Occasionally the emails are also followed up with phone calls.
Hackers have been known even to mimic a CEO's accent on such calls to convince the employee to transfer the funds.
In one instance, a hacker posed as both the CEO and the Chief Operating Officer (COO) of a large business and scammed the business out of more than US$500,000.
The hacker sent an email posing as the CEO (who was travelling at the time), requesting a large payment from the financial controller.
A second email, which appeared to be from the COO, was then sent to the financial controller. This email contained a fake email trail approving the CEO’s request for payment.
Not realising the request was a scam, the business made two payments to the hacker, one for over US$200,000 and one for almost US$300,000. Both payments were made to overseas bank accounts.
- Always be suspicious of unexpected, urgent demands for large sums of money by any person—including CEOs and other senior leaders. You should always verify these requests directly with the person involved, and follow all governance and due diligence processes.
- Consider adding a second method of verification for large financial transfers, such as verbal verification between employees.
- Alert employees to the threat, especially those conducting or authorising wire transfers or similar financial instruments.
- Consider implementing Sender Policy Framework (SPF) checking on inbound mail, and publishing an SPF record for your own domain, to detect and reject forgery of the sender (envelope) address. SPF only confirms that a message came from a server the sending domain has authorised; it does not detect look-alike domains or messages sent from a genuinely compromised mailbox, so it complements rather than replaces verbal verification.
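To make the SPF point concrete, below is an added example (not code from the ACSC page) of what an SPF check actually does and where it stops helping. It is a deliberately simplified evaluator that handles only the `ip4`, `ip6`, `include` and `all` mechanisms, and it reads policies from a constructed in-memory table instead of live DNS; the domains, records and IP addresses are hypothetical. A real mail gateway or a maintained SPF library should be used in production.

```python
import ipaddress

# Constructed stand-in for DNS TXT lookups (hypothetical domains and addresses).
# example.com is the "real" business; examp1e.com is an attacker-registered look-alike
# that publishes its own perfectly valid SPF record.
SPF_RECORDS = {
    "example.com": "v=spf1 ip4:203.0.113.0/24 include:_spf.mail.example.net -all",
    "_spf.mail.example.net": "v=spf1 ip4:198.51.100.10 ip6:2001:db8::/32 -all",
    "examp1e.com": "v=spf1 ip4:192.0.2.50 -all",
}

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def lookup_txt(domain):
    """Return the SPF TXT record for a domain, or None (simulated DNS)."""
    return SPF_RECORDS.get(domain)


def check_spf(sender_ip, domain, _depth=0):
    """Evaluate the domain's SPF policy for the connecting IP.

    Returns one of: pass, fail, softfail, neutral, none, permerror.
    Only ip4/ip6/include/all are implemented; other mechanisms give permerror.
    """
    if _depth > 10:                       # RFC 7208 caps DNS-querying terms at 10
        return "permerror"
    record = lookup_txt(domain)
    if record is None or not record.startswith("v=spf1"):
        return "none"                     # no policy published for this domain
    ip = ipaddress.ip_address(sender_ip)
    for term in record.split()[1:]:       # skip the "v=spf1" version tag
        qualifier = "+"
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        mech, _, arg = term.partition(":")
        mech = mech.lower()
        if mech == "all":
            matched = True
        elif mech in ("ip4", "ip6"):
            try:
                # Membership test is False when the IP version does not match.
                matched = ip in ipaddress.ip_network(arg, strict=False)
            except ValueError:
                return "permerror"
        elif mech == "include":
            # include: matches only if the referenced domain's policy yields "pass"
            matched = check_spf(sender_ip, arg, _depth + 1) == "pass"
        else:
            return "permerror"            # a, mx, ptr, exists, redirect not handled here
        if matched:
            return QUALIFIERS[qualifier]
    return "neutral"                      # no mechanism matched


def assess_message(envelope_from, header_from, sender_ip):
    """Combine the SPF result with a strict domain-alignment check.

    SPF is evaluated against the envelope sender (MAIL FROM) domain. The visible
    From: header is a separate field, so we also report whether the two domains
    match, which is the alignment idea DMARC builds on.
    """
    env_domain = envelope_from.rsplit("@", 1)[-1].lower()
    hdr_domain = header_from.rsplit("@", 1)[-1].lower()
    return {
        "spf": check_spf(sender_ip, env_domain),
        "aligned": env_domain == hdr_domain,
        "header_from_domain": hdr_domain,
    }


if __name__ == "__main__":
    # Forged envelope claiming to be the real domain from an unauthorised server: SPF fails.
    print(assess_message("ceo@example.com", "ceo@example.com", "192.0.2.50"))
    # Look-alike domain sent from its own authorised server: SPF passes and is aligned,
    # yet it is still not the CEO. Only the domain spelling gives it away.
    print(assess_message("ceo@examp1e.com", "ceo@examp1e.com", "192.0.2.50"))
```

The second case is the one to remember: an SPF "pass" means the message came from a server the named domain authorised, nothing more. A look-alike domain, or a genuine account whose password was stolen, passes cleanly, which is why the verbal verification step above still has to happen for any large or unusual payment.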