If you were to get an email from your boss or an executive at your company asking you to pay an invoice, would you give the email more than just a cursory glance before you paid it?
What was once scams conducted over the phone or through the mail (and sometimes still are), has developed right along with the rest of the world into scams conducted over the internet. One type of scam, called CEO Fraud, is conducted by a perpetrator sending an email to an employee that appears to come from another employee within the company, often a boss or executive. The requests in these emails are often sent near the end of a business day and try to encourage a sense of urgency by claiming that the need payment is a time-sensitive matter. Sometimes, these types of phishing emails come in the form of fraudulent invoices that appear to come from a legitimate company – possibly even one the company does business with.
Facebook and Google just announced today that they both have found themselves victims of just this very type of scam. Both companies received forged invoices from a man posing as an employee of an Asia-based manufacturer. While both companies were able to recover most or all of their losses and the man behind the fraud has been identified and charged, this is not always the case.
Large companies such as those are often targeted because employees fall into the belief that their technology department has them completely defended with antivirus protections, email filtering, and firewalls. While those protections do provide a great deal of protection, cyber-security is part of everyone’s job in companies both large and small.
You can read TrueIT’s post about how to detect scams like this here.
Read more about the scam perpetrated on Google and Facebook here.